From ced003d99ca614b33df8ff3f9ebb981a5fee2eda Mon Sep 17 00:00:00 2001 From: "Md. Ishtiaq Islam" Date: Wed, 12 Jun 2024 13:19:32 +0600 Subject: [PATCH] Update apis Signed-off-by: Md. Ishtiaq Islam --- apis/constant.go | 1 + apis/core/v1alpha1/backupbatch_types.go | 4 + .../v1alpha1/backupconfiguration_types.go | 112 +- .../v1alpha1/backupconfiguration_webhook.go | 8 +- apis/core/v1alpha1/backupsession_helpers.go | 11 - .../v1alpha1/backupverification_helpers.go | 42 - .../core/v1alpha1/backupverification_types.go | 163 - .../v1alpha1/backupverification_webhook.go | 137 - .../backupverificationsession_helpers.go | 51 +- .../backupverificationsession_types.go | 20 +- apis/core/v1alpha1/zz_generated.deepcopy.go | 341 +- apis/storage/v1alpha1/snapshot_types.go | 4 + crds/core.kubestash.com_backupbatches.yaml | 18794 +++++++++++ ...re.kubestash.com_backupconfigurations.yaml | 26510 +++++++++++----- crds/core.kubestash.com_backupsessions.yaml | 20 - ...ore.kubestash.com_backupverifications.yaml | 3262 +- ...bestash.com_backupverificationsession.yaml | 32 +- crds/storage.kubestash.com_snapshots.yaml | 4 + 18 files changed, 39120 insertions(+), 10396 deletions(-) delete mode 100644 apis/core/v1alpha1/backupverification_helpers.go delete mode 100644 apis/core/v1alpha1/backupverification_types.go delete mode 100644 apis/core/v1alpha1/backupverification_webhook.go diff --git a/apis/constant.go b/apis/constant.go index b6b80523..a52104e5 100644 --- a/apis/constant.go +++ b/apis/constant.go @@ -49,6 +49,7 @@ const ( PrefixRetentionPolicy = "retentionpolicy" PrefixPopulate = "populate" PrefixPrime = "prime" + PrefixVerify = "verify" ) const ( diff --git a/apis/core/v1alpha1/backupbatch_types.go b/apis/core/v1alpha1/backupbatch_types.go index 6d532050..af3c0eb3 100644 --- a/apis/core/v1alpha1/backupbatch_types.go +++ b/apis/core/v1alpha1/backupbatch_types.go 
@@ -61,6 +61,10 @@ type BackupBatchSpec struct { // Session defines a list of session configurations that specifies when and how to take backup. Sessions []BatchSession `json:"sessions,omitempty"` + // VerificationStrategies specifies a list of backup verification configurations + // +optional + VerificationStrategies []VerificationStrategy `json:"verificationStrategies,omitempty"` + // Paused indicates that the BackupBatch has been paused from taking backup. Default value is 'false'. // If you set `paused` field to `true`, KubeStash will suspend the respective backup triggering CronJob and // skip processing any further events for this BackupBatch. diff --git a/apis/core/v1alpha1/backupconfiguration_types.go b/apis/core/v1alpha1/backupconfiguration_types.go index 5a11d7e5..a8d765ad 100644 --- a/apis/core/v1alpha1/backupconfiguration_types.go +++ b/apis/core/v1alpha1/backupconfiguration_types.go @@ -21,7 +21,6 @@ import ( batchv1 "k8s.io/api/batch/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" kmapi "kmodules.xyz/client-go/api/v1" ofst "kmodules.xyz/offshoot-api/api/v1" ) 
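Review bot: The `VerificationStrategies` field added to `BackupBatchSpec` has no matching validation in this patch. The diffstat touches only `backupconfiguration_webhook.go`, so the `restoreOption` and `addonInfo` checks added to `validateVerificationStrategies` cover BackupConfiguration objects only, as far as the patch shows. Unless the BackupBatch webhook already shares that validator, a batch could be admitted with a strategy whose `RestoreOption` is nil, and code that reads `vs.RestoreOption.AddonInfo` could then hit a nil pointer. I would move the loop into a helper that takes a `[]VerificationStrategy` and call it from both webhooks. The field comment could also state this, e.g. `// VerificationStrategies is validated with the same rules as BackupConfiguration.spec.verificationStrategies.`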
@@ -298,16 +297,9 @@ type VerificationStrategy struct { // Name indicates the name of this strategy. Name string `json:"name,omitempty"` - // Namespace specifies where the verification resources should be created. - Namespace string `json:"namespace,omitempty"` - - // Verifier refers to the BackupVerification CR that defines how to verify this particular data. - Verifier *kmapi.ObjectReference `json:"verifier,omitempty"` - - // Params specifies the parameters that will be used by the verifier. - // +kubebuilder:pruning:PreserveUnknownFields + // RestoreOption specifies the restore target, addonInfo and manifestOption for backup verification // +optional - Params *runtime.RawExtension `json:"params,omitempty"` + RestoreOption *RestoreOption `json:"restoreOption,omitempty"` // VerifySchedule specifies the schedule of backup verification in Cron format, see https://en.wikipedia.org/wiki/Cron. VerifySchedule string `json:"verifySchedule,omitempty"` 
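Review bot: The comment on the new `RestoreOption` field does not say which namespaces the restore target may live in, and this hunk removes the only visible gate on that. The removed `Verifier` referenced a BackupVerification whose `usagePolicy.allowedNamespaces` (deleted later in this same patch, together with `UsageAllowed`) limited who could use it. `RestoreOption.Target` is a `kmapi.TypedObjectReference`, which can name a namespace, and nothing visible in this patch ties it to the BackupConfiguration's own namespace. If cross-namespace targets are intended, document the authorization rule on the field and enforce it in the webhook or controller. If they are not, add `if t := vs.RestoreOption.Target; t != nil && t.Namespace != "" && t.Namespace != b.Namespace { ... }` to `validateVerificationStrategies`, returning an error. The struct continues outside this hunk.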
@@ -316,13 +308,30 @@ type VerificationStrategy struct { // +optional KeepAlive *metav1.Time `json:"keepAlive,omitempty"` - // Tasks specifies a list of restore tasks and their configuration parameters for backup verification. - Tasks []TaskReference `json:"tasks,omitempty"` - // OnFailure specifies what to do if the verification fail. // +optional // OnFailure FailurePolicy `json:"onFailure,omitempty"` + // Type indicate the types of verifier that will verify the backup. + // Valid values are: + // - "RestoreOnly": KubeStash will create a RestoreSession with the tasks provided in BackupConfiguration's verificationStrategies section. + // - "File": KubeStash will restore the data and then create a job to check if the files exist or not. This type is recommended for workload backup verification. + // - "Query": KubeStash operator will restore data and then create a job to run the queries. This type is recommended for database backup verification. + // - "Script": KubeStash operator will restore data and then create a job to run the script. This type is recommended for database backup verification. + Type VerificationType `json:"type,omitempty"` + + // File specifies the file paths information whose existence will be checked for backup verification. + // +optional + File *FileVerifierSpec `json:"file,omitempty"` + + // Query specifies the queries to be run to verify backup. + // +optional + Query *QueryVerifierSpec `json:"query,omitempty"` + + // Script specifies the script to be run to verify backup. + // +optional + Script *ScriptVerifierSpec `json:"script,omitempty"` + // RetryConfig specifies the behavior of the retry mechanism in case of a verification failure. // +optional RetryConfig *RetryConfig `json:"retryConfig,omitempty"` 
@@ -339,6 +348,83 @@ type VerificationStrategy struct { RuntimeSettings ofst.RuntimeSettings `json:"runtimeSettings,omitempty"` } +type RestoreOption struct { + // Target indicates the target application where the data will be restored + // +optional + Target *kmapi.TypedObjectReference `json:"target,omitempty"` + + // ManifestOptions provide options to select particular manifest object to restore + // +optional + ManifestOptions *ManifestRestoreOptions `json:"manifestOptions,omitempty"` + + // AddonInfo specifies addon configuration that will be used to restore this target. + AddonInfo *AddonInfo `json:"addonInfo,omitempty"` +} + +// VerificationType specifies the type of verifier that will verify the backup +// +kubebuilder:validation:Enum=RestoreOnly;File;Query;Script +type VerificationType string + +const ( + RestoreOnlyVerificationType VerificationType = "RestoreOnly" + FileVerificationType VerificationType = "File" + QueryVerificationType VerificationType = "Query" + ScriptVerificationType VerificationType = "Script" +) + +// FileVerifierSpec defines the file paths information whose existence will be checked from verifier job. +type FileVerifierSpec struct { + // Paths specifies the list of paths whose existence will be checked. + // These paths must be absolute paths. + Paths []string `json:"paths,omitempty"` +} + +// QueryVerifierSpec defines the queries to be run from verifier job. 
+type QueryVerifierSpec struct { + MySQL []MySQLQueryOpt `json:"mysql,omitempty"` + Postgres []PostgresQueryOpt `json:"postgres,omitempty"` + MongoDB []MongoDBQueryOpt `json:"mongodb,omitempty"` + Elasticsearch []ElasticsearchQueryOpt `json:"elasticsearch,omitempty"` + Redis []RedisQueryOpt `json:"redis,omitempty"` +} + +type MySQLQueryOpt struct { + Database string `json:"database,omitempty"` + Table string `json:"table,omitempty"` + RowCount *int32 `json:"rowCount,omitempty"` +} + +type PostgresQueryOpt struct { + Database string `json:"database,omitempty"` + Schema string `json:"schema,omitempty"` + Table string `json:"table,omitempty"` + RowCount *int32 `json:"rowCount,omitempty"` +} + +type MongoDBQueryOpt struct { + Database string `json:"database,omitempty"` + Collection string `json:"collection,omitempty"` + DocumentCount *int32 `json:"rowCount,omitempty"` +} + +type ElasticsearchQueryOpt struct { + Index string `json:"index,omitempty"` +} + +type RedisQueryOpt struct { + Database string `json:"database,omitempty"` + DbSize *int32 `json:"dbSize,omitempty"` +} + +// ScriptVerifierSpec defines the script location in verifier job and the args to be provided with the script. +type ScriptVerifierSpec struct { + // Location specifies the absolute path of the script file's location. + Location string `json:"location,omitempty"` + + // Args specifies the arguments to be provided with the script. + Args []string `json:"args,omitempty"` +} + // BackupHooks specifies the hooks that will be executed before and/or after backup type BackupHooks struct { // PreBackup specifies a list of hooks that will be executed before backup diff --git a/apis/core/v1alpha1/backupconfiguration_webhook.go b/apis/core/v1alpha1/backupconfiguration_webhook.go index 663f7bcd..2fc6fb31 100644 --- a/apis/core/v1alpha1/backupconfiguration_webhook.go +++ b/apis/core/v1alpha1/backupconfiguration_webhook.go 
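Review bot: In `MongoDBQueryOpt` the field `DocumentCount` is tagged `json:"rowCount,omitempty"`, so the API key does not match the Go name and looks copied from the MySQL/Postgres structs. If `documentCount` is the intended key, change the tag to `json:"documentCount,omitempty"` and regenerate the CRDs before this ships, because renaming a serialized field later is a breaking change. The per-engine option structs and the fields of `QueryVerifierSpec` also have no doc comments, unlike `FileVerifierSpec` and `ScriptVerifierSpec`. Each should say what is compared, e.g. `// RowCount is the exact number of rows expected in Table after restore.` `Database`, `Schema`, `Table`, `Collection` and `Index` are free-form strings from the object spec. If the verifier job interpolates them into query text (not visible here), they need identifier validation or quoting at that point.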
@@ -448,12 +448,12 @@ func (b *BackupConfiguration) validateVerificationStrategies() error { } for _, vs := range b.Spec.VerificationStrategies { - if vs.Namespace == "" { - return fmt.Errorf("namespace for verification strategy %q cannot be empty", vs.Name) + if vs.RestoreOption == nil { + return fmt.Errorf("restoreOption for verification strategy %q cannot be empty", vs.Name) } - if vs.Verifier == nil { - return fmt.Errorf("verifier for verification strategy %q cannot be empty", vs.Name) + if vs.RestoreOption.AddonInfo == nil { + return fmt.Errorf("addonInfo in restoreOption for verification strategy %q cannot be empty", vs.Name) } if vs.VerifySchedule == "" { diff --git a/apis/core/v1alpha1/backupsession_helpers.go b/apis/core/v1alpha1/backupsession_helpers.go index d89f19e8..5855216e 100644 --- a/apis/core/v1alpha1/backupsession_helpers.go +++ b/apis/core/v1alpha1/backupsession_helpers.go @@ -63,7 +63,6 @@ func (b *BackupSession) CalculatePhase() BackupSessionPhase { b.failedToExecutePreBackupHooks() || b.failedToExecutePostBackupHooks() || b.failedToApplyRetentionPolicy() || - b.verificationsFailed() || b.sessionHistoryCleanupFailed()) { return BackupSessionFailed } @@ -110,16 +109,6 @@ func (b *BackupSession) failedToApplyRetentionPolicy() bool { return false } -func (b *BackupSession) verificationsFailed() bool { - for _, v := range b.Status.Verifications { - if v.Phase == VerificationFailed { - return true - } - } - - return false -} - func (b *BackupSession) calculateBackupSessionPhaseFromSnapshots() BackupSessionPhase { status := b.Status.Snapshots if len(status) == 0 { diff --git a/apis/core/v1alpha1/backupverification_helpers.go b/apis/core/v1alpha1/backupverification_helpers.go deleted file mode 100644 index a982b156..00000000 --- a/apis/core/v1alpha1/backupverification_helpers.go +++ /dev/null 
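Review bot: The visible checks in `validateVerificationStrategies` cover `restoreOption`, `addonInfo` and `verifySchedule`, but nothing here ties `vs.Type` to its matching `File`, `Query` or `Script` block. The deleted `BackupVerification` webhook enforced exactly that in `validateVerificationType`, and it also rejected an empty `type`. Without it, a strategy with `type: Script` and no `script` section is admitted and fails only when the verifier job runs, or is treated as something else. The function body continues outside this hunk, so these checks may already exist further down. If they do not, a switch like the one below restores them, placed after the existing checks inside the loop.

```go
	for _, vs := range b.Spec.VerificationStrategies {
		// … unchanged: restoreOption, addonInfo and verifySchedule checks …

		switch vs.Type {
		case RestoreOnlyVerificationType:
			// nothing beyond restoreOption is required
		case FileVerificationType:
			if vs.File == nil {
				return fmt.Errorf("file for verification strategy %q cannot be empty when type is %q", vs.Name, vs.Type)
			}
		case QueryVerificationType:
			if vs.Query == nil {
				return fmt.Errorf("query for verification strategy %q cannot be empty when type is %q", vs.Name, vs.Type)
			}
		case ScriptVerificationType:
			if vs.Script == nil {
				return fmt.Errorf("script for verification strategy %q cannot be empty when type is %q", vs.Name, vs.Type)
			}
		default:
			return fmt.Errorf("type for verification strategy %q must be one of RestoreOnly, File, Query or Script", vs.Name)
		}
```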
@@ -1,42 +0,0 @@ -/* -Copyright AppsCode Inc. and Contributors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - corev1 "k8s.io/api/core/v1" - "kubestash.dev/apimachinery/apis" - "kubestash.dev/apimachinery/crds" - - "kmodules.xyz/client-go/apiextensions" -) - -func (_ BackupVerification) CustomResourceDefinition() *apiextensions.CustomResourceDefinition { - return crds.MustCustomResourceDefinition(GroupVersion.WithResource(ResourcePluralBackupVerification)) -} - -func (b *BackupVerification) UsageAllowed(srcNamespace *corev1.Namespace) bool { - allowedNamespace := b.Spec.UsagePolicy.AllowedNamespaces - if *allowedNamespace.From == apis.NamespacesFromAll { - return true - } - - if *allowedNamespace.From == apis.NamespacesFromSame { - return b.Namespace == srcNamespace.Name - } - - return selectorMatches(allowedNamespace.Selector, srcNamespace.Labels) -} diff --git a/apis/core/v1alpha1/backupverification_types.go b/apis/core/v1alpha1/backupverification_types.go deleted file mode 100644 index e75b9795..00000000 --- a/apis/core/v1alpha1/backupverification_types.go +++ /dev/null 
@@ -1,163 +0,0 @@ -/* -Copyright AppsCode Inc. and Contributors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - core "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - kmapi "kmodules.xyz/client-go/api/v1" - - "kubestash.dev/apimachinery/apis" -) - -const ( - ResourceKindBackupVerification = "BackupVerification" - ResourceSingularBackupVerification = "backupverification" - ResourcePluralBackupVerification = "backupverifications" -) - -// +k8s:openapi-gen=true -// +kubebuilder:object:root=true -// +kubebuilder:resource:path=backupverifications,singular=backupverification,shortName=bv,categories={kubestash,appscode,all} -// +kubebuilder:printcolumn:name="Type",type="string",JSONPath=".spec.type" -// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" - -// BackupVerification defines how to verify a backup of a target application. -// This is a namespaced CRD. However, you can use it from other namespaces. You can control which -// namespaces are allowed to use it using the `usagePolicy` section. -type BackupVerification struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec BackupVerificationSpec `json:"spec,omitempty"` -} - -// BackupVerificationSpec specifies specification for the verification function and type. -type BackupVerificationSpec struct { - // Function specifies the function name which will be used to verify the backup. 
- // +optional - Function string `json:"function,omitempty"` - - // UsagePolicy specifies a policy of how this BackupVerification will be used. For example, - // you can use `allowedNamespaces` policy to restrict the usage of this BackupVerification to particular namespaces. - // This field is optional. If you don't provide the usagePolicy, then it can be used only from the current namespace. - // +optional - UsagePolicy *apis.UsagePolicy `json:"usagePolicy,omitempty"` - - // Params defines a list of parameters that is used by the BackupVerification to execute its logic. - // +optional - Params []apis.ParameterDefinition `json:"params,omitempty"` - - // Target indicates the target application where the data will be restored for backup verification. - // +optional - Target *kmapi.TypedObjectReference `json:"target,omitempty"` - - // VolumeMounts specifies the mount path of the volumes specified in the VolumeTemplate section. - // These volumes will be mounted directly on the Job created by KubeStash operator. - // If the volume type is VolumeClaimTemplate, then KubeStash operator is responsible for creating the volume. - // +optional - VolumeMounts []core.VolumeMount `json:"volumeMounts,omitempty"` - - // VolumeTemplate specifies a list of volume templates that is used by the respective backup verification - // Job to execute its logic. - // +optional - VolumeTemplate []VolumeTemplate `json:"volumeTemplate,omitempty"` - - // Type indicate the types of verifier that will verify the backup. - // Valid values are: - // - "RestoreOnly": KubeStash will create a RestoreSession with the tasks provided in BackupConfiguration's verificationStrategies section. - // - "File": KubeStash will restore the data and then create a job to check if the files exist or not. This type is recommended for workload backup verification. - // - "Query": KubeStash operator will restore data and then create a job to run the queries. This type is recommended for database backup verification. 
- // - "Script": KubeStash operator will restore data and then create a job to run the script. This type is recommended for database backup verification. - Type VerificationType `json:"type,omitempty"` - - // File specifies the file paths information whose existence will be checked for backup verification. - // +optional - File *FileVerifierSpec `json:"file,omitempty"` - - // Query specifies the queries to be run to verify backup. - // +optional - Query []QueryVerifierSpec `json:"query,omitempty"` - - // Script specifies the script to be run to verify backup. - // +optional - Script *ScriptVerifierSpec `json:"script,omitempty"` -} - -// VolumeTemplate specifies the name, usage, and the source of volume that will be used by the -// backup verification job to execute its logic. -type VolumeTemplate struct { - // Name specifies the name of the volume - Name string `json:"name"` - - // Usage specifies the usage of the volume. - // +optional - Usage string `json:"usage,omitempty"` - - // Source specifies the source of this volume. - Source *apis.VolumeSource `json:"source,omitempty"` -} - -// VerificationType specifies the type of verifier that will verify the backup -// +kubebuilder:validation:Enum=RestoreOnly;File;Query;Script -type VerificationType string - -const ( - RestoreOnlyVerificationType VerificationType = "RestoreOnly" - FileVerificationType VerificationType = "File" - QueryVerificationType VerificationType = "Query" - ScriptVerificationType VerificationType = "Script" -) - -// FileVerifierSpec defines the file paths information whose existence will be checked from verifier job. -type FileVerifierSpec struct { - // Paths specifies the list of paths whose existence will be checked. - // These paths must be absolute paths. - Paths []string `json:"paths,omitempty"` -} - -// QueryVerifierSpec defines the queries to be run from verifier job. -type QueryVerifierSpec struct { - // Statement specifies the query statement. 
- Statement string `json:"statement,omitempty"` - - // ExpectedOutput specifies the expected output for the query. - // If the ExpectedOutput doesn't match, the verifier job will be completed with exit code 1. - ExpectedOutput string `json:"expectedOutput,omitempty"` -} - -// ScriptVerifierSpec defines the script location in verifier job and the args to be provided with the script. -type ScriptVerifierSpec struct { - // Location specifies the absolute path of the script file's location. - Location string `json:"location,omitempty"` - - // Args specifies the arguments to be provided with the script. - Args []string `json:"args,omitempty"` -} - -//+kubebuilder:object:root=true - -// BackupVerificationList contains a list of BackupVerification -type BackupVerificationList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []BackupVerification `json:"items"` -} - -func init() { - SchemeBuilder.Register(&BackupVerification{}, &BackupVerificationList{}) -} diff --git a/apis/core/v1alpha1/backupverification_webhook.go b/apis/core/v1alpha1/backupverification_webhook.go deleted file mode 100644 index 9e9a3c4b..00000000 --- a/apis/core/v1alpha1/backupverification_webhook.go +++ /dev/null 
@@ -1,137 +0,0 @@ -/* -Copyright AppsCode Inc. and Contributors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - "fmt" - "k8s.io/apimachinery/pkg/runtime" - "kubestash.dev/apimachinery/apis" - ctrl "sigs.k8s.io/controller-runtime" - logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" - "sigs.k8s.io/controller-runtime/pkg/webhook/admission" -) - -// log is for logging in this package. -var backupverificationlog = logf.Log.WithName("backupverification-resource") - -func (r *BackupVerification) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(r). - Complete() -} - -// TODO(user): EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! - -//+kubebuilder:webhook:path=/mutate-core-kubestash-com-v1alpha1-backupverification,mutating=true,failurePolicy=fail,sideEffects=None,groups=core.kubestash.com,resources=backupverifications,verbs=create;update,versions=v1alpha1,name=mbackupverification.kb.io,admissionReviewVersions=v1 - -var _ webhook.Defaulter = &BackupVerification{} - -// Default implements webhook.Defaulter so a webhook will be registered for the type -func (r *BackupVerification) Default() { - backupverificationlog.Info("default", "name", r.Name) - - if r.Spec.UsagePolicy == nil { - r.setDefaultUsagePolicy() - } -} - -// TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. 
-//+kubebuilder:webhook:path=/validate-core-kubestash-com-v1alpha1-backupverification,mutating=false,failurePolicy=fail,sideEffects=None,groups=core.kubestash.com,resources=backupverifications,verbs=create;update,versions=v1alpha1,name=vbackupverification.kb.io,admissionReviewVersions=v1 - -var _ webhook.Validator = &BackupVerification{} - -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *BackupVerification) ValidateCreate() (admission.Warnings, error) { - backupverificationlog.Info("validate create", "name", r.Name) - - if r.Spec.Function == "" { - return nil, fmt.Errorf("function is required") - } - - if r.Spec.Type == "" { - return nil, fmt.Errorf("type is required") - } - - if err := r.validateVerificationType(); err != nil { - return nil, err - } - - return nil, r.validateUsagePolicy() -} - -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *BackupVerification) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - backupverificationlog.Info("validate update", "name", r.Name) - - if r.Spec.Function == "" { - return nil, fmt.Errorf("function is required") - } - - if r.Spec.Type == "" { - return nil, fmt.Errorf("type is required") - } - - if err := r.validateVerificationType(); err != nil { - return nil, err - } - - return nil, r.validateUsagePolicy() -} - -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *BackupVerification) ValidateDelete() (admission.Warnings, error) { - backupverificationlog.Info("validate delete", "name", r.Name) - - // TODO(user): fill in your validation logic upon object deletion. - return nil, nil -} - -func (r *BackupVerification) setDefaultUsagePolicy() { - fromSameNamespace := apis.NamespacesFromSame - r.Spec.UsagePolicy = &apis.UsagePolicy{ - AllowedNamespaces: apis.AllowedNamespaces{ - 
From: &fromSameNamespace, - }, - } -} - -func (r *BackupVerification) validateVerificationType() error { - switch r.Spec.Type { - case FileVerificationType: - if r.Spec.File == nil { - return fmt.Errorf("file field can not be empty for file verification type") - } - case QueryVerificationType: - if r.Spec.Query == nil { - return fmt.Errorf("query field can not be empty for query verification type") - } - case ScriptVerificationType: - if r.Spec.Script == nil { - return fmt.Errorf("script field can not be empty for script verification type") - } - } - return nil -} - -func (r *BackupVerification) validateUsagePolicy() error { - if *r.Spec.UsagePolicy.AllowedNamespaces.From == apis.NamespacesFromSelector && - r.Spec.UsagePolicy.AllowedNamespaces.Selector == nil { - return fmt.Errorf("selector cannot be empty for usage policy of type %q", apis.NamespacesFromSelector) - } - return nil -} diff --git a/apis/core/v1alpha1/backupverificationsession_helpers.go b/apis/core/v1alpha1/backupverificationsession_helpers.go index c189f4fd..8e5098f6 100644 --- a/apis/core/v1alpha1/backupverificationsession_helpers.go +++ b/apis/core/v1alpha1/backupverificationsession_helpers.go @@ -18,6 +18,7 @@ package v1alpha1 import ( "fmt" + cutil "kmodules.xyz/client-go/conditions" "kmodules.xyz/client-go/meta" "kubestash.dev/apimachinery/crds" "time" 
@@ -29,6 +30,52 @@ func (_ BackupVerificationSession) CustomResourceDefinition() *apiextensions.Cus return crds.MustCustomResourceDefinition(GroupVersion.WithResource(ResourcePluralBackupVerificationSession)) } -func GenerateBackupVerificationSessionName(verificationName, sessionName string) string { - return meta.ValidNameWithPrefixNSuffix(verificationName, sessionName, fmt.Sprintf("%d", time.Now().Unix())) +func (b *BackupVerificationSession) IsCompleted() bool { + phase := b.Status.Phase + + return phase == BackupVerificationSessionSucceeded || + phase == BackupVerificationSessionFailed || + phase == BackupVerificationSessionSkipped +} + +func (b *BackupVerificationSession) CalculatePhase() BackupVerificationSessionPhase { + if cutil.IsConditionFalse(b.Status.Conditions, TypeVerificationSessionHistoryCleaned) { + return BackupVerificationSessionFailed + } + + if cutil.IsConditionTrue(b.Status.Conditions, TypeBackupVerificationSkipped) { + return BackupVerificationSessionSkipped + } + + if b.sessionHistoryCleanupSucceeded() && + (b.failedToRestoreBackup() || + b.failedToVerifyBackup()) { + return BackupVerificationSessionFailed + } + + if cutil.IsConditionTrue(b.Status.Conditions, TypeVerificationSessionHistoryCleaned) { + return BackupVerificationSessionSucceeded + } + + return BackupVerificationSessionRunning +} + +func (b *BackupVerificationSession) sessionHistoryCleanupFailed() bool { + return cutil.IsConditionFalse(b.Status.Conditions, TypeVerificationSessionHistoryCleaned) +} + +func (b *BackupVerificationSession) sessionHistoryCleanupSucceeded() bool { + return cutil.IsConditionTrue(b.Status.Conditions, TypeVerificationSessionHistoryCleaned) +} + +func (b *BackupVerificationSession) failedToRestoreBackup() bool { + return cutil.IsConditionFalse(b.Status.Conditions, TypeRestoreSucceeded) +} + +func (b *BackupVerificationSession) failedToVerifyBackup() bool { + return cutil.IsConditionFalse(b.Status.Conditions, TypeBackupVerified) +} + +func 
GenerateBackupVerificationSessionName(repoName, sessionName string) string { + return meta.ValidNameWithPrefixNSuffix(repoName, sessionName, fmt.Sprintf("%d", time.Now().Unix())) } diff --git a/apis/core/v1alpha1/backupverificationsession_types.go b/apis/core/v1alpha1/backupverificationsession_types.go index 060bc443..7d3f9f39 100644 --- a/apis/core/v1alpha1/backupverificationsession_types.go +++ b/apis/core/v1alpha1/backupverificationsession_types.go @@ -18,7 +18,6 @@ package v1alpha1 import ( core "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" kmapi "kmodules.xyz/client-go/api/v1" ) @@ -33,7 +32,6 @@ const ( // +kubebuilder:object:root=true // +kubebuilder:subresource:status // +kubebuilder:resource:path=backupverificationsession,singular=backupverificationsession,categories={kubestash,appscode,all} -// +kubebuilder:printcolumn:name="Verifier",type="string",JSONPath=".spec.backupVerifier.name" // +kubebuilder:printcolumn:name="Phase",type="string",JSONPath=".status.phase" // +kubebuilder:printcolumn:name="Duration",type="string",JSONPath=".status.duration" // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" 
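Review bot: `CalculatePhase` reports `BackupVerificationSessionSucceeded` whenever `TypeVerificationSessionHistoryCleaned` is true and neither `TypeRestoreSucceeded` nor `TypeBackupVerified` is explicitly False. A session whose `TypeBackupVerified` condition was never written, or is Unknown, is therefore marked as verified. For a check whose purpose is to prove a backup is restorable, success should require the positive condition, e.g. `if b.sessionHistoryCleanupSucceeded() && cutil.IsConditionTrue(b.Status.Conditions, TypeBackupVerified) {`. If the `RestoreOnly` type never sets `TypeBackupVerified`, that branch would need `TypeRestoreSucceeded` instead. Separately, `sessionHistoryCleanupFailed()` is defined but the first branch repeats its expression inline; either call the helper there or drop it. A doc comment on `CalculatePhase` listing the precedence (cleanup failed, skipped, restore/verify failed, succeeded, running) would make the ordering reviewable.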
@@ -50,16 +48,17 @@ type BackupVerificationSession struct { // BackupVerificationSessionSpec specifies the information related to the respective backup verifier, session, repository and snapshot. type BackupVerificationSessionSpec struct { - // BackupVerifier points to the respective BackupVerification - // which is used for verification. - BackupVerifier *core.LocalObjectReference `json:"backupVerifier,omitempty"` + // Invoker points to the respective BackupConfiguration or BackupBatch + // which is responsible for triggering this backup verification. + Invoker *core.TypedLocalObjectReference `json:"invoker,omitempty"` // Session specifies the name of the session that triggered this backup verification Session string `json:"session,omitempty"` + // Repository specifies the name of the repository whose backed-up data will be verified Repository string `json:"repository,omitempty"` - // Snapshot specifies the name of the snapshot that has been verified in this backup verification + // Snapshot specifies the name of the snapshot that will be verified Snapshot string `json:"snapshot,omitempty"` // RetryLeft specifies number of retry attempts left for the backup verification session. 
@@ -89,19 +88,24 @@ type BackupVerificationSessionStatus struct { } // BackupVerificationSessionPhase specifies the current state of the backup verification process -// +kubebuilder:validation:Enum=Pending;Running;Succeeded;Failed +// +kubebuilder:validation:Enum=Running;Succeeded;Failed;Skipped type BackupVerificationSessionPhase string const ( - BackupVerificationSessionPending BackupVerificationSessionPhase = "Pending" BackupVerificationSessionRunning BackupVerificationSessionPhase = "Running" BackupVerificationSessionSucceeded BackupVerificationSessionPhase = "Succeeded" BackupVerificationSessionFailed BackupVerificationSessionPhase = "Failed" + BackupVerificationSessionSkipped BackupVerificationSessionPhase = "Skipped" ) // ============================ Conditions ======================== const ( + // TypeBackupVerificationSkipped indicates that the current session was skipped + TypeBackupVerificationSkipped = "BackupVerificationSkipped" + // ReasonSkippedVerifyingNewBackup indicates that the backup verification was skipped because the snapshot has already been verified + ReasonSkippedVerifyingNewBackup = "SnapshotAlreadyVerified" + // TypeVerificationSessionHistoryCleaned indicates whether the backup history was cleaned or not according to sessionHistoryLimit TypeVerificationSessionHistoryCleaned = "VerificationSessionHistoryCleaned" ReasonSuccessfullyCleanedVerificationSessionHistory = "SuccessfullyCleanedVerificationSessionHistory" diff --git a/apis/core/v1alpha1/zz_generated.deepcopy.go b/apis/core/v1alpha1/zz_generated.deepcopy.go index 59b8e3b4..867fc2e0 100644 --- a/apis/core/v1alpha1/zz_generated.deepcopy.go +++ b/apis/core/v1alpha1/zz_generated.deepcopy.go 
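Review bot: Removing `Pending` from both the `+kubebuilder:validation:Enum` marker and the constants breaks any BackupVerificationSession already stored with `status.phase: Pending`. Once the regenerated CRD is applied, such an object no longer matches the schema. Depending on the cluster's validation behaviour, later status updates to it may be rejected, which would leave the session stuck. Either keep `Pending` in the enum for one release, e.g. `// +kubebuilder:validation:Enum=Pending;Running;Succeeded;Failed;Skipped`, or state in the upgrade notes that existing sessions must be cleaned up first. `ReasonSkippedVerifyingNewBackup` has the value `SnapshotAlreadyVerified`; a name matching the value, such as `ReasonSnapshotAlreadyVerified`, would be easier to grep for.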
@@ -222,6 +222,13 @@ func (in *BackupBatchSpec) DeepCopyInto(out *BackupBatchSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.VerificationStrategies != nil { + in, out := &in.VerificationStrategies, &out.VerificationStrategies + *out = make([]VerificationStrategy, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupBatchSpec. 
@@ -670,64 +677,6 @@ func (in *BackupSessionStatus) DeepCopy() *BackupSessionStatus { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *BackupVerification) DeepCopyInto(out *BackupVerification) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupVerification. -func (in *BackupVerification) DeepCopy() *BackupVerification { - if in == nil { - return nil - } - out := new(BackupVerification) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *BackupVerification) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *BackupVerificationList) DeepCopyInto(out *BackupVerificationList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]BackupVerification, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupVerificationList. -func (in *BackupVerificationList) DeepCopy() *BackupVerificationList { - if in == nil { - return nil - } - out := new(BackupVerificationList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
-func (in *BackupVerificationList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BackupVerificationSession) DeepCopyInto(out *BackupVerificationSession) { *out = *in @@ -790,10 +739,10 @@ func (in *BackupVerificationSessionList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BackupVerificationSessionSpec) DeepCopyInto(out *BackupVerificationSessionSpec) { *out = *in - if in.BackupVerifier != nil { - in, out := &in.BackupVerifier, &out.BackupVerifier - *out = new(corev1.LocalObjectReference) - **out = **in + if in.Invoker != nil { + in, out := &in.Invoker, &out.Invoker + *out = new(corev1.TypedLocalObjectReference) + (*in).DeepCopyInto(*out) } } 
@@ -834,65 +783,6 @@ func (in *BackupVerificationSessionStatus) DeepCopy() *BackupVerificationSession return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *BackupVerificationSpec) DeepCopyInto(out *BackupVerificationSpec) { - *out = *in - if in.UsagePolicy != nil { - in, out := &in.UsagePolicy, &out.UsagePolicy - *out = new(apis.UsagePolicy) - (*in).DeepCopyInto(*out) - } - if in.Params != nil { - in, out := &in.Params, &out.Params - *out = make([]apis.ParameterDefinition, len(*in)) - copy(*out, *in) - } - if in.Target != nil { - in, out := &in.Target, &out.Target - *out = new(v1.TypedObjectReference) - **out = **in - } - if in.VolumeMounts != nil { - in, out := &in.VolumeMounts, &out.VolumeMounts - *out = make([]corev1.VolumeMount, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.VolumeTemplate != nil { - in, out := &in.VolumeTemplate, &out.VolumeTemplate - *out = make([]VolumeTemplate, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.File != nil { - in, out := &in.File, &out.File - *out = new(FileVerifierSpec) - (*in).DeepCopyInto(*out) - } - if in.Query != nil { - in, out := &in.Query, &out.Query - *out = make([]QueryVerifierSpec, len(*in)) - copy(*out, *in) - } - if in.Script != nil { - in, out := &in.Script, &out.Script - *out = new(ScriptVerifierSpec) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupVerificationSpec. -func (in *BackupVerificationSpec) DeepCopy() *BackupVerificationSpec { - if in == nil { - return nil - } - out := new(BackupVerificationSpec) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BatchSession) DeepCopyInto(out *BatchSession) { *out = *in 
@@ -935,6 +825,21 @@ func (in *ComponentRestoreStatus) DeepCopy() *ComponentRestoreStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ElasticsearchQueryOpt) DeepCopyInto(out *ElasticsearchQueryOpt) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ElasticsearchQueryOpt. +func (in *ElasticsearchQueryOpt) DeepCopy() *ElasticsearchQueryOpt { + if in == nil { + return nil + } + out := new(ElasticsearchQueryOpt) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FileVerifierSpec) DeepCopyInto(out *FileVerifierSpec) { *out = *in 
@@ -1306,6 +1211,46 @@ func (in *ManifestRestoreOptions) DeepCopy() *ManifestRestoreOptions { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MongoDBQueryOpt) DeepCopyInto(out *MongoDBQueryOpt) { + *out = *in + if in.DocumentCount != nil { + in, out := &in.DocumentCount, &out.DocumentCount + *out = new(int32) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MongoDBQueryOpt. +func (in *MongoDBQueryOpt) DeepCopy() *MongoDBQueryOpt { + if in == nil { + return nil + } + out := new(MongoDBQueryOpt) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MySQLQueryOpt) DeepCopyInto(out *MySQLQueryOpt) { + *out = *in + if in.RowCount != nil { + in, out := &in.RowCount, &out.RowCount + *out = new(int32) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MySQLQueryOpt. +func (in *MySQLQueryOpt) DeepCopy() *MySQLQueryOpt { + if in == nil { + return nil + } + out := new(MySQLQueryOpt) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OffshootStatus) DeepCopyInto(out *OffshootStatus) { *out = *in 
@@ -1386,9 +1331,62 @@ func (in *PodHookExecutorSpec) DeepCopy() *PodHookExecutorSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PostgresQueryOpt) DeepCopyInto(out *PostgresQueryOpt) { + *out = *in + if in.RowCount != nil { + in, out := &in.RowCount, &out.RowCount + *out = new(int32) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PostgresQueryOpt. +func (in *PostgresQueryOpt) DeepCopy() *PostgresQueryOpt { + if in == nil { + return nil + } + out := new(PostgresQueryOpt) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *QueryVerifierSpec) DeepCopyInto(out *QueryVerifierSpec) { *out = *in + if in.MySQL != nil { + in, out := &in.MySQL, &out.MySQL + *out = make([]MySQLQueryOpt, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Postgres != nil { + in, out := &in.Postgres, &out.Postgres + *out = make([]PostgresQueryOpt, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.MongoDB != nil { + in, out := &in.MongoDB, &out.MongoDB + *out = make([]MongoDBQueryOpt, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Elasticsearch != nil { + in, out := &in.Elasticsearch, &out.Elasticsearch + *out = make([]ElasticsearchQueryOpt, len(*in)) + copy(*out, *in) + } + if in.Redis != nil { + in, out := &in.Redis, &out.Redis + *out = make([]RedisQueryOpt, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueryVerifierSpec. 
@@ -1401,6 +1399,26 @@ func (in *QueryVerifierSpec) DeepCopy() *QueryVerifierSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RedisQueryOpt) DeepCopyInto(out *RedisQueryOpt) { + *out = *in + if in.DbSize != nil { + in, out := &in.DbSize, &out.DbSize + *out = new(int32) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RedisQueryOpt. +func (in *RedisQueryOpt) DeepCopy() *RedisQueryOpt { + if in == nil { + return nil + } + out := new(RedisQueryOpt) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RepoStatus) DeepCopyInto(out *RepoStatus) { *out = *in @@ -1516,6 +1534,36 @@ func (in *RestoreHooks) DeepCopy() *RestoreHooks { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RestoreOption) DeepCopyInto(out *RestoreOption) { + *out = *in + if in.Target != nil { + in, out := &in.Target, &out.Target + *out = new(v1.TypedObjectReference) + **out = **in + } + if in.ManifestOptions != nil { + in, out := &in.ManifestOptions, &out.ManifestOptions + *out = new(ManifestRestoreOptions) + (*in).DeepCopyInto(*out) + } + if in.AddonInfo != nil { + in, out := &in.AddonInfo, &out.AddonInfo + *out = new(AddonInfo) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RestoreOption. +func (in *RestoreOption) DeepCopy() *RestoreOption { + if in == nil { + return nil + } + out := new(RestoreOption) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RestoreSession) DeepCopyInto(out *RestoreSession) { *out = *in 
@@ -2071,26 +2119,29 @@ func (in *TaskReference) DeepCopy() *TaskReference { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VerificationStrategy) DeepCopyInto(out *VerificationStrategy) { *out = *in - if in.Verifier != nil { - in, out := &in.Verifier, &out.Verifier - *out = new(v1.ObjectReference) - **out = **in - } - if in.Params != nil { - in, out := &in.Params, &out.Params - *out = new(runtime.RawExtension) + if in.RestoreOption != nil { + in, out := &in.RestoreOption, &out.RestoreOption + *out = new(RestoreOption) (*in).DeepCopyInto(*out) } if in.KeepAlive != nil { in, out := &in.KeepAlive, &out.KeepAlive *out = (*in).DeepCopy() } - if in.Tasks != nil { - in, out := &in.Tasks, &out.Tasks - *out = make([]TaskReference, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + if in.File != nil { + in, out := &in.File, &out.File + *out = new(FileVerifierSpec) + (*in).DeepCopyInto(*out) + } + if in.Query != nil { + in, out := &in.Query, &out.Query + *out = new(QueryVerifierSpec) + (*in).DeepCopyInto(*out) + } + if in.Script != nil { + in, out := &in.Script, &out.Script + *out = new(ScriptVerifierSpec) + (*in).DeepCopyInto(*out) } if in.RetryConfig != nil { in, out := &in.RetryConfig, &out.RetryConfig 
@@ -2109,23 +2160,3 @@ func (in *VerificationStrategy) DeepCopy() *VerificationStrategy { in.DeepCopyInto(out) return out } - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *VolumeTemplate) DeepCopyInto(out *VolumeTemplate) { - *out = *in - if in.Source != nil { - in, out := &in.Source, &out.Source - *out = new(apis.VolumeSource) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeTemplate. -func (in *VolumeTemplate) DeepCopy() *VolumeTemplate { - if in == nil { - return nil - } - out := new(VolumeTemplate) - in.DeepCopyInto(out) - return out -} diff --git a/apis/storage/v1alpha1/snapshot_types.go b/apis/storage/v1alpha1/snapshot_types.go index 86f15600..df5f7df8 100644 --- a/apis/storage/v1alpha1/snapshot_types.go +++ b/apis/storage/v1alpha1/snapshot_types.go @@ -110,6 +110,10 @@ type SnapshotStatus struct { // +optional VerificationStatus VerificationStatus `json:"verificationStatus,omitempty"` + // VerificationSession specifies which BackupVerificationSession verified this Snapshot + // +optional + VerificationSession string `json:"verificationSession,omitempty"` + // SnapshotTime represents the timestamp when this Snapshot was taken. // +optional SnapshotTime *metav1.Time `json:"snapshotTime,omitempty"` diff --git a/crds/core.kubestash.com_backupbatches.yaml b/crds/core.kubestash.com_backupbatches.yaml index bd6ce12b..a27e842a 100644 --- a/crds/core.kubestash.com_backupbatches.yaml +++ b/crds/core.kubestash.com_backupbatches.yaml 
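Review bot: The new `VerificationSession` field in `SnapshotStatus` holds only a bare name, and its comment does not say which namespace the BackupVerificationSession lives in or whether the value is overwritten when a later session verifies the same Snapshot. This field is the only link from the Snapshot's `verificationStatus` to the session that produced it, and anything with write access to the Snapshot status can presumably set it, so a consumer using it as an audit trail should resolve the named session and check its phase rather than trust the string alone. I would extend the comment to `// VerificationSession is the name of the most recent BackupVerificationSession (in the Snapshot's namespace) that verified this Snapshot.` if that matches what the controller does. `SnapshotStatus` starts and ends outside the hunk.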
@@ -36237,6 +36237,18800 @@ spec: type: string type: object type: array + verificationStrategies: + description: VerificationStrategies specifies a list of backup verification + configurations + items: + description: VerificationStrategy specifies a strategy to verify + the backed up data. + properties: + file: + description: File specifies the file paths information whose + existence will be checked for backup verification. + properties: + paths: + description: Paths specifies the list of paths whose existence + will be checked. These paths must be absolute paths. + items: + type: string + type: array + type: object + keepAlive: + description: KeepAlive specifies the duration of keeping the + instances created for backup verification. + format: date-time + type: string + name: + description: Name indicates the name of this strategy. + type: string + query: + description: Query specifies the queries to be run to verify + backup. + properties: + elasticsearch: + items: + properties: + index: + type: string + type: object + type: array + mongodb: + items: + properties: + collection: + type: string + database: + type: string + rowCount: + format: int32 + type: integer + type: object + type: array + mysql: + items: + properties: + database: + type: string + rowCount: + format: int32 + type: integer + table: + type: string + type: object + type: array + postgres: + items: + properties: + database: + type: string + rowCount: + format: int32 + type: integer + schema: + type: string + table: + type: string + type: object + type: array + redis: + items: + properties: + database: + type: string + dbSize: + format: int32 + type: integer + type: object + type: array + type: object + restoreOption: + description: RestoreOption specifies the restore target, addonInfo + and manifestOption for backup verification + properties: + addonInfo: + description: AddonInfo specifies addon configuration that + will be used to restore this target. 
+ properties: + containerRuntimeSettings: + description: ContainerRuntimeSettings specifies runtime + settings for the backup/restore executor container + properties: + env: + description: List of environment variables to set + in the container. Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. If a + variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. apiVersion, + kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t need + it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. 
Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. apiVersion, + kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t need + it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container + is starting. When a key exists in multiple sources, + the value associated with the last source will + take precedence. Values defined by an Env with + a duplicate key will take precedence. Cannot be + updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: 'Name of the referent. This + field is effectively required, but due + to backwards compatibility is allowed + to be empty. Instances of this type + with an empty value here are almost + certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when + controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. 
Must be a + C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: 'Name of the referent. This + field is effectively required, but due + to backwards compatibility is allowed + to be empty. Instances of this type + with an empty value here are almost + certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when + controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + ionice: + description: 'Settings to configure `ionice` to + throttle the load on disk. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html + More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' + properties: + class: + format: int32 + type: integer + classData: + format: int32 + type: integer + type: object + lifecycle: + description: Actions that the management system + should take in response to container lifecycle + events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately + after a container is created. If the handler + fails, the container is terminated and restarted + according to its restart policy. Other management + of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. 
+ The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: The header field + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number + must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. 
There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number + must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately + before a container is terminated due to an + API request or management event such as liveness/startup + probe failure, preemption, resource contention, + etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace + period countdown begins before the PreStop + hook is executed. Regardless of the outcome + of the handler, the container will eventually + terminate within the Pod''s termination grace + period (unless delayed by finalizers). Other + management of the container blocks until the + hook completes or until the termination grace + period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. 
+ properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: The header field + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number + must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number + must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures for + the probe to be considered failed after having + succeeded. Defaults to 3. Minimum value is + 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. 
HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for + the probe to be considered successful after + having failed. Defaults to 1. Must be 1 for + liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the + pod needs to terminate gracefully upon probe + failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly halted + with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value zero + indicates stop immediately via the kill signal + (no opportunity to shut down). This is a beta + field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + nice: + description: 'Settings to configure `nice` to throttle + the load on cpu. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html + More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' + properties: + adjustment: + format: int32 + type: integer + type: object + readinessProbe: + description: 'Periodic probe of container service + readiness. Container will be removed from service + endpoints if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures for + the probe to be considered failed after having + succeeded. Defaults to 3. Minimum value is + 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. 
+ type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for + the probe to be considered successful after + having failed. Defaults to 1. Must be 1 for + liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the + pod needs to terminate gracefully upon probe + failure. 
The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly halted + with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value zero + indicates stop immediately via the kill signal + (no opportunity to shut down). This is a beta + field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If Requests + is omitted for a container, it defaults to + Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'Security options the pod should run + with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges + than its parent process. This bool directly + controls if the no_new_privs flag will be + set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run + as Privileged 2) has CAP_SYS_ADMIN Note that + this field cannot be set when spec.os.name + is windows.' + type: boolean + appArmorProfile: + description: appArmorProfile is the AppArmor + options to use by this container. 
If set, + this profile overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates + a profile loaded on the node that should + be used. The profile must be preconfigured + on the node to work. Must match the loaded + name of the profile. Must be set if and + only if type is "Localhost". + type: string + type: + description: 'type indicates which kind + of AppArmor profile will be applied. Valid + options are: Localhost - a profile pre-loaded + on the node. RuntimeDefault - the container + runtime''s default profile. Unconfined + - no AppArmor enforcement.' + type: string + required: + - type + type: object + capabilities: + description: The capabilities to add/drop when + running containers. Defaults to the default + set of capabilities granted by the container + runtime. Note that this field cannot be set + when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: Run container in privileged mode. + Processes in privileged containers are essentially + equivalent to root on the host. Defaults to + false. Note that this field cannot be set + when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default + is DefaultProcMount which uses the container + runtime defaults for readonly paths and masked + paths. This requires the ProcMountType feature + flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. 
+ type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. Note that + this field cannot be set when spec.os.name + is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of + the container process. Uses runtime default + if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. Note that this field cannot be + set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must + run as a non-root user. If true, the Kubelet + will validate the image at runtime to ensure + that it does not run as UID 0 (root) and fail + to start the container if it does. If unset + or false, no such validation will be performed. + May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of + the container process. Defaults to user specified + in image metadata if unspecified. May also + be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied + to the container. If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. Note that this field cannot be + set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. 
+ type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this + container. If seccomp options are provided + at both the pod & container level, the container + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates + a profile defined in a file on the node + should be used. The profile must be preconfigured + on the node to work. Must be a descending + path, relative to the kubelet's configured + seccomp profile location. Must be set + if type is "Localhost". Must NOT be set + for any other type. + type: string + type: + description: "type indicates which kind + of seccomp profile will be applied. Valid + options are: \n Localhost - a profile + defined in a file on the node should be + used. RuntimeDefault - the container runtime + default profile should be used. Unconfined + - no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options + from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. Note that this field cannot be + set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where + the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. 
+ type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the + name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a + container should be run as a 'Host Process' + container. All of a Pod's containers must + have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to + run the entrypoint of the container process. + Defaults to the user specified in image + metadata if unspecified. May also be set + in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + type: object + jobTemplate: + description: JobTemplate specifies runtime configurations + for the backup/restore Job + properties: + controller: + description: 'Workload controller''s metadata. More + info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured + key value map stored with a resource that + may be set by external tools to store and + retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values + that can be used to organize and categorize + (scope and select) objects. May match selectors + of replication controllers and services. More + info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + metadata: + description: 'Standard object''s metadata. 
More + info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured + key value map stored with a resource that + may be set by external tools to store and + retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values + that can be used to organize and categorize + (scope and select) objects. May match selectors + of replication controllers and services. More + info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: 'Specification of the desired behavior + of the pod. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' + properties: + affinity: + description: If specified, the pod's scheduling + constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified + by this field, but it may choose a + node that violates one or more of + the expressions. The node that is + most preferred is the one with the + greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" + to the sum if the node matches the + corresponding matchExpressions; the + node(s) with the highest sum are the + most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. 
it's a no-op). A + null preferred scheduling term matches + no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node + selector requirements by + node's labels. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator is + In or NotIn, the values + array must be non-empty. + If the operator is + Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a + single element, which + will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node + selector requirements by + node's fields. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator is + In or NotIn, the values + array must be non-empty. 
+ If the operator is + Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a + single element, which + will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated + with matching the corresponding + nodeSelectorTerm, in the range + 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the + affinity requirements specified by + this field cease to be met at some + point during pod execution (e.g. due + to an update), the system may or may + not try to eventually evict the pod + from its node. + properties: + nodeSelectorTerms: + description: Required. A list of + node selector terms. The terms + are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are + ANDed. The TopologySelectorTerm + type implements a subset of + the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by + node's labels. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. 
+ type: string + values: + description: An array + of string values. + If the operator is + In or NotIn, the values + array must be non-empty. + If the operator is + Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a + single element, which + will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node + selector requirements by + node's fields. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator is + In or NotIn, the values + array must be non-empty. + If the operator is + Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a + single element, which + will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the + same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified + by this field, but it may choose a + node that violates one or more of + the expressions. The node that is + most preferred is the one with the + greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" + to the sum if the node has pods which + matches the corresponding podAffinityTerm; + the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of + the matched WeightedPodAffinityTerm + fields are added per-node to find + the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query + over a set of resources, + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, a + key, and an operator + that relates the key + and values. + properties: + key: + description: key + is the label key + that the selector + applies to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values + is an array of + string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. 
+ This array is + replaced during + a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an + element of matchExpressions, + whose key field is "key", + the operator is "In", + and the values array + contains only "value". + The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `labelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both matchLabelKeys + and labelSelector. Also, + matchLabelKeys cannot be + set when labelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `labelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. 
+ The default value is empty. + The same key is forbidden + to exist in both mismatchLabelKeys + and labelSelector. Also, + mismatchLabelKeys cannot + be set when labelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query + over the set of namespaces + that the term applies to. + The term is applied to the + union of the namespaces + selected by this field and + the ones listed in the namespaces + field. null selector and + null or empty namespaces + list means "this pod's namespace". + An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, a + key, and an operator + that relates the key + and values. + properties: + key: + description: key + is the label key + that the selector + applies to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values + is an array of + string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. 
A single {key,value} + in the matchLabels map + is equivalent to an + element of matchExpressions, + whose key field is "key", + the operator is "In", + and the values array + contains only "value". + The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied + to the union of the namespaces + listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces + list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should + be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on + a node whose value of the + label with key topologyKey + matches that of any node + on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated + with matching the corresponding + podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the + affinity requirements specified by + this field cease to be met at some + point during pod execution (e.g. due + to a pod label update), the system + may or may not try to eventually evict + the pod from its node. When there + are multiple elements, the lists of + nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must + be satisfied. 
+ items: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `labelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both matchLabelKeys + and labelSelector. Also, matchLabelKeys + cannot be set when labelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `labelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both mismatchLabelKeys + and labelSelector. Also, mismatchLabelKeys + cannot be set when labelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is + applied to the union of the + namespaces selected by this + field and the ones listed in + the namespaces field. 
null selector + and null or empty namespaces + list means "this pod's namespace". + An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union + of the namespaces listed in + this field and the ones selected + by namespaceSelector. null or + empty namespaces list and null + namespaceSelector means "this + pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should be + co-located (affinity) or not + co-located (anti-affinity) with + the pods matching the labelSelector + in the specified namespaces, + where co-located is defined + as running on a node whose value + of the label with key topologyKey + matches that of any node on + which any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity + scheduling rules (e.g. avoid putting this + pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose a + node that violates one or more of + the expressions. The node that is + most preferred is the one with the + greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), + compute a sum by iterating through + the elements of this field and adding + "weight" to the sum if the node has + pods which matches the corresponding + podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of + the matched WeightedPodAffinityTerm + fields are added per-node to find + the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query + over a set of resources, + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, a + key, and an operator + that relates the key + and values. + properties: + key: + description: key + is the label key + that the selector + applies to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values + is an array of + string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an + element of matchExpressions, + whose key field is "key", + the operator is "In", + and the values array + contains only "value". + The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `labelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. 
+ The same key is forbidden + to exist in both matchLabelKeys + and labelSelector. Also, + matchLabelKeys cannot be + set when labelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `labelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both mismatchLabelKeys + and labelSelector. Also, + mismatchLabelKeys cannot + be set when labelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query + over the set of namespaces + that the term applies to. + The term is applied to the + union of the namespaces + selected by this field and + the ones listed in the namespaces + field. null selector and + null or empty namespaces + list means "this pod's namespace". + An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, a + key, and an operator + that relates the key + and values. + properties: + key: + description: key + is the label key + that the selector + applies to. 
+ type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values + is an array of + string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an + element of matchExpressions, + whose key field is "key", + the operator is "In", + and the values array + contains only "value". + The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied + to the union of the namespaces + listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces + list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should + be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on + a node whose value of the + label with key topologyKey + matches that of any node + on which any of the selected + pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated + with matching the corresponding + podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the + anti-affinity requirements specified + by this field cease to be met at some + point during pod execution (e.g. due + to a pod label update), the system + may or may not try to eventually evict + the pod from its node. When there + are multiple elements, the lists of + nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. 
Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `labelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both matchLabelKeys + and labelSelector. Also, matchLabelKeys + cannot be set when labelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. 
The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `labelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both mismatchLabelKeys + and labelSelector. Also, mismatchLabelKeys + cannot be set when labelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is + applied to the union of the + namespaces selected by this + field and the ones listed in + the namespaces field. null selector + and null or empty namespaces + list means "this pod's namespace". + An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union + of the namespaces listed in + this field and the ones selected + by namespaceSelector. null or + empty namespaces list and null + namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should be + co-located (affinity) or not + co-located (anti-affinity) with + the pods matching the labelSelector + in the specified namespaces, + where co-located is defined + as running on a node whose value + of the label with key topologyKey + matches that of any node on + which any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + args: + description: 'Arguments to the entrypoint. The + docker image''s CMD is used if this is not + provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. The + $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the + variable exists or not. Cannot be updated. 
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + containerSecurityContext: + description: 'Security options the pod should + run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges + than its parent process. This bool directly + controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: + 1) run as Privileged 2) has CAP_SYS_ADMIN + Note that this field cannot be set when + spec.os.name is windows.' + type: boolean + appArmorProfile: + description: appArmorProfile is the AppArmor + options to use by this container. If set, + this profile overrides the pod's appArmorProfile. + Note that this field cannot be set when + spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates + a profile loaded on the node that + should be used. The profile must be + preconfigured on the node to work. + Must match the loaded name of the + profile. Must be set if and only if + type is "Localhost". + type: string + type: + description: 'type indicates which kind + of AppArmor profile will be applied. + Valid options are: Localhost - a profile + pre-loaded on the node. RuntimeDefault + - the container runtime''s default + profile. Unconfined - no AppArmor + enforcement.' + type: string + required: + - type + type: object + capabilities: + description: The capabilities to add/drop + when running containers. Defaults to the + default set of capabilities granted by + the container runtime. Note that this + field cannot be set when spec.os.name + is windows. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: Run container in privileged + mode. Processes in privileged containers + are essentially equivalent to root on + the host. Defaults to false. Note that + this field cannot be set when spec.os.name + is windows. + type: boolean + procMount: + description: procMount denotes the type + of proc mount to use for the containers. + The default is DefaultProcMount which + uses the container runtime defaults for + readonly paths and masked paths. This + requires the ProcMountType feature flag + to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has + a read-only root filesystem. Default is + false. Note that this field cannot be + set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint + of the container process. Uses runtime + default if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. Note that this field + cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container + must run as a non-root user. If true, + the Kubelet will validate the image at + runtime to ensure that it does not run + as UID 0 (root) and fail to start the + container if it does. If unset or false, + no such validation will be performed. + May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint + of the container process. Defaults to + user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. Note that this field + cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied + to the container. If unspecified, the + container runtime will allocate a random + SELinux context for each container. May + also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. Note that this field + cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level + label that applies to the container. + type: string + role: + description: Role is a SELinux role + label that applies to the container. + type: string + type: + description: Type is a SELinux type + label that applies to the container. + type: string + user: + description: User is a SELinux user + label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use + by this container. If seccomp options + are provided at both the pod & container + level, the container options override + the pod options. Note that this field + cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates + a profile defined in a file on the + node should be used. The profile must + be preconfigured on the node to work. + Must be a descending path, relative + to the kubelet's configured seccomp + profile location. Must be set if type + is "Localhost". 
Must NOT be set for + any other type. + type: string + type: + description: "type indicates which kind + of seccomp profile will be applied. + Valid options are: \n Localhost - + a profile defined in a file on the + node should be used. RuntimeDefault + - the container runtime default profile + should be used. Unconfined - no profile + should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings + applied to all containers. If unspecified, + the options from the PodSecurityContext + will be used. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where + the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName + is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: HostProcess determines + if a container should be run as a + 'Host Process' container. All of a + Pod's containers must have the same + effective HostProcess value (it is + not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. + type: boolean + runAsUserName: + description: The UserName in Windows + to run the entrypoint of the container + process. Defaults to the user specified + in image metadata if unspecified. + May also be set in PodSecurityContext. + If set in both SecurityContext and + PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: string + type: object + type: object + dnsConfig: + description: Specifies the DNS parameters of + a pod. 
Parameters specified here will be merged + to the generated DNS configuration based on + DNSPolicy. + properties: + nameservers: + description: A list of DNS name server IP + addresses. This will be appended to the + base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + description: A list of DNS resolver options. + This will be merged with the base options + generated from DNSPolicy. Duplicated entries + will be removed. Resolution options given + in Options will override those that appear + in the base DNSPolicy. + items: + description: PodDNSConfigOption defines + DNS resolver options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + description: A list of DNS search domains + for host-name lookup. This will be appended + to the base search paths generated from + DNSPolicy. Duplicated search paths will + be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + description: Set DNS policy for the pod. Defaults + to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', + 'ClusterFirst', 'Default' or 'None'. DNS parameters + given in DNSConfig will be merged with the + policy selected with DNSPolicy. To have DNS + options set along with hostNetwork, you have + to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: 'EnableServiceLinks indicates whether + information about services should be injected + into pod''s environment variables, matching + the syntax of Docker links. Optional: Defaults + to true.' + type: boolean + env: + description: List of environment variables to + set in the container. Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. 
+ properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. Double $$ are reduced to + a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if + value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether the + ConfigMap or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the + pod: supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' 
+ properties: + apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostIPC: + description: 'Use the host''s ipc namespace. + Optional: Default to false.' + type: boolean + hostNetwork: + description: Host networking requested for this + pod. Use the host's network namespace. If + this option is set, the ports that will be + used must be specified. Default to false. + type: boolean + hostPID: + description: 'Use the host''s pid namespace. + Optional: Default to false.' + type: boolean + imagePullSecrets: + description: 'ImagePullSecrets is an optional + list of references to secrets in the same + namespace to use for pulling any of the images + used by this PodSpec. If specified, these + secrets will be passed to individual puller + implementations for them to use. More info: + https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains + enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: 'Name of the referent. This + field is effectively required, but due + to backwards compatibility is allowed + to be empty. Instances of this type + with an empty value here are almost + certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when + controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: 'List of initialization containers + belonging to the pod. Init containers are + executed in order prior to containers being + started. 
If any init container fails, the + pod is considered to have failed and is handled + according to its restartPolicy. The name for + an init container or normal container must + be unique among all containers. Init containers + may not have Lifecycle actions, Readiness + probes, or Liveness probes. The resourceRequirements + of an init container are taken into account + during scheduling by finding the highest request/limit + for each resource type, and then using the + max of of that value or the sum of the normal + containers. Limits are applied to init containers + in a similar fashion. Init containers cannot + currently be added or removed. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' + items: + description: A single application container + that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. + The container image''s CMD is used if + this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be + resolved, the reference in the input + string will be unchanged. Double $$ + are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the + string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless + of whether the variable exists or not. + Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: 'Entrypoint array. Not executed + within a shell. The container image''s + ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are + expanded using the container''s environment. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. 
Double $$ are reduced to + a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: List of environment variables + to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment + variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references + $(VAR_NAME) are expanded using + the previously defined environment + variables in the container and + any service environment variables. + If a variable cannot be resolved, + the reference in the input string + will be unchanged. Double $$ are + reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". + Escaped references will never + be expanded, regardless of whether + the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used + if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of + a ConfigMap. + properties: + key: + description: The key to + select. + type: string + name: + default: "" + description: 'Name of the + referent. This field is + effectively required, + but due to backwards compatibility + is allowed to be empty. + Instances of this type + with an empty value here + are almost certainly wrong. + TODO: Add other useful + fields. apiVersion, kind, + uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field + of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource + of the container: only resources + limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory + and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the + output format of the exposed + resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of + a secret in the pod's namespace + properties: + key: + description: The key of + the secret to select from. 
Must + be a valid secret key. + type: string + name: + default: "" + description: 'Name of the + referent. This field is + effectively required, + but due to backwards compatibility + is allowed to be empty. + Instances of this type + with an empty value here + are almost certainly wrong. + TODO: Add other useful + fields. apiVersion, kind, + uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: List of sources to populate + environment variables in the container. + The keys defined within a source must + be a C_IDENTIFIER. All invalid keys + will be reported as an event when the + container is starting. When a key exists + in multiple sources, the value associated + with the last source will take precedence. + Values defined by an Env with a duplicate + key will take precedence. Cannot be + updated. + items: + description: EnvFromSource represents + the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select + from + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether + the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier + to prepend to each key in the + ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select + from + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether + the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: 'Container image name. More + info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher + level config management to default or + override container images in workload + controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of + Always, Never, IfNotPresent. Defaults + to Always if :latest tag is specified, + or IfNotPresent otherwise. Cannot be + updated. 
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management + system should take in response to container + lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called + immediately after a container is + created. If the handler fails, the + container is terminated and restarted + according to its restart policy. + Other management of the container + blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the + action to take. + properties: + command: + description: Command is the + command line to execute + inside the container, the + working directory for the + command is root ('/') in + the container's filesystem. + The command is simply exec'd, + it is not run inside a shell, + so traditional shell instructions + ('|', etc) won't work. To + use a shell, you need to + explicitly call out to that + shell. Exit status of 0 + is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies + the http request to perform. + properties: + host: + description: Host name to + connect to, defaults to + the pod IP. You probably + want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers + to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader + describes a custom header + to be used in HTTP probes + properties: + name: + description: The header + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. 
+ type: string + value: + description: The header + field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access + on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number + of the port to access on + the container. Number must + be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use + for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: Deprecated. TCPSocket + is NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this + field and lifecycle hooks will + fail in runtime when tcp handler + is specified. + properties: + host: + description: 'Optional: Host + name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name + of the port to access on + the container. Number must + be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately + before a container is terminated + due to an API request or management + event such as liveness/startup probe + failure, preemption, resource contention, + etc. The handler is not called if + the container crashes or exits. + The Pod''s termination grace period + countdown begins before the PreStop + hook is executed. 
Regardless of + the outcome of the handler, the + container will eventually terminate + within the Pod''s termination grace + period (unless delayed by finalizers). + Other management of the container + blocks until the hook completes + or until the termination grace period + is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the + action to take. + properties: + command: + description: Command is the + command line to execute + inside the container, the + working directory for the + command is root ('/') in + the container's filesystem. + The command is simply exec'd, + it is not run inside a shell, + so traditional shell instructions + ('|', etc) won't work. To + use a shell, you need to + explicitly call out to that + shell. Exit status of 0 + is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies + the http request to perform. + properties: + host: + description: Host name to + connect to, defaults to + the pod IP. You probably + want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers + to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader + describes a custom header + to be used in HTTP probes + properties: + name: + description: The header + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. + type: string + value: + description: The header + field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access + on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number + of the port to access on + the container. 
Number must + be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use + for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: Deprecated. TCPSocket + is NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this + field and lifecycle hooks will + fail in runtime when tcp handler + is specified. + properties: + host: + description: 'Optional: Host + name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name + of the port to access on + the container. Number must + be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container + liveness. Container will be restarted + if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the + command is root ('/') in the + container's filesystem. The + command is simply exec'd, it + is not run inside a shell, so + traditional shell instructions + ('|', etc) won't work. To use + a shell, you need to explicitly + call out to that shell. Exit + status of 0 is treated as live/healthy + and non-zero is unhealthy. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed + after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action + involving a GRPC port. + properties: + port: + description: Port number of the + gRPC service. Number must be + in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name + of the service to place in the + gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, + the default behavior is defined + by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the + http request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. + You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to + set in the request. HTTP allows + repeated headers. + items: + description: HTTPHeader describes + a custom header to be used + in HTTP probes + properties: + name: + description: The header + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. + type: string + value: + description: The header + field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on + the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of + the port to access on the container. + Number must be in the range + 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for + connecting to the host. Defaults + to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after + the container has started before + liveness probes are initiated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) + to perform the probe. Default to + 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to + 1. Must be 1 for liveness and startup. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an + action involving a TCP port. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of + the port to access on the container. + Number must be in the range + 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in + seconds the pod needs to terminate + gracefully upon probe failure. The + grace period is the duration in + seconds after the processes running + in the pod are sent a termination + signal and the time when the processes + are forcibly halted with a kill + signal. Set this value longer than + the expected cleanup time for your + process. If this value is nil, the + pod's terminationGracePeriodSeconds + will be used. Otherwise, this value + overrides the value provided by + the pod spec. Value must be non-negative + integer. The value zero indicates + stop immediately via the kill signal + (no opportunity to shut down). This + is a beta field and requires enabling + ProbeTerminationGracePeriod feature + gate. Minimum value is 1. 
spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after + which the probe times out. Defaults + to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified + as a DNS_LABEL. Each container in a + pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from + the container. Not specifying a port + here DOES NOT prevent that port from + being exposed. Any port which is listening + on the default "0.0.0.0" address inside + a container will be accessible from + the network. Modifying this array with + strategic merge patch may corrupt the + data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents + a network port in a single container. + properties: + containerPort: + description: Number of port to expose + on the pod's IP address. This + must be a valid port number, 0 + < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind + the external port to. + type: string + hostPort: + description: Number of port to expose + on the host. If specified, this + must be a valid port number, 0 + < x < 65536. If HostNetwork is + specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this + must be an IANA_SVC_NAME and unique + within the pod. Each named port + in a pod must have a unique name. + Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. + Must be UDP, TCP, or SCTP. Defaults + to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container + service readiness. Container will be + removed from service endpoints if the + probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the + command is root ('/') in the + container's filesystem. The + command is simply exec'd, it + is not run inside a shell, so + traditional shell instructions + ('|', etc) won't work. To use + a shell, you need to explicitly + call out to that shell. Exit + status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed + after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action + involving a GRPC port. + properties: + port: + description: Port number of the + gRPC service. Number must be + in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name + of the service to place in the + gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, + the default behavior is defined + by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the + http request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. 
+ You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to + set in the request. HTTP allows + repeated headers. + items: + description: HTTPHeader describes + a custom header to be used + in HTTP probes + properties: + name: + description: The header + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. + type: string + value: + description: The header + field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on + the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of + the port to access on the container. + Number must be in the range + 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for + connecting to the host. Defaults + to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after + the container has started before + liveness probes are initiated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) + to perform the probe. Default to + 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to + 1. Must be 1 for liveness and startup. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an + action involving a TCP port. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of + the port to access on the container. + Number must be in the range + 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in + seconds the pod needs to terminate + gracefully upon probe failure. The + grace period is the duration in + seconds after the processes running + in the pod are sent a termination + signal and the time when the processes + are forcibly halted with a kill + signal. Set this value longer than + the expected cleanup time for your + process. If this value is nil, the + pod's terminationGracePeriodSeconds + will be used. Otherwise, this value + overrides the value provided by + the pod spec. Value must be non-negative + integer. The value zero indicates + stop immediately via the kill signal + (no opportunity to shut down). This + is a beta field and requires enabling + ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after + which the probe times out. Defaults + to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for + the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource + to which this resource resize + policy applies. Supported values: + cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply + when specified resource is resized. + If not specified, it defaults + to NotRequired. 
+ type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: 'Compute Resources required + by this container. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. + \n This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match + the name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the + maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted + for a container, it defaults to + Limits if that is explicitly specified, + otherwise to an implementation-defined + value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + restartPolicy: + description: 'RestartPolicy defines the + restart behavior of individual containers + in a pod. This field may only be set + for init containers, and the only allowed + value is "Always". For non-init containers + or when this field is not specified, + the restart behavior is defined by the + Pod''s restart policy and the container + type. Setting the RestartPolicy as "Always" + for the init container will have the + following effect: this init container + will be continually restarted on exit + until all regular containers have terminated. + Once all regular containers have completed, + all init containers with restartPolicy + "Always" will be shut down. This lifecycle + differs from normal init containers + and is often referred to as a "sidecar" + container. Although this init container + still starts in the init container sequence, + it does not wait for the container to + complete before proceeding to the next + init container. Instead, the next init + container starts immediately after this + init container is started, or after + any startupProbe has successfully completed.' + type: string + securityContext: + description: 'SecurityContext defines + the security options the container should + be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation + controls whether a process can gain + more privileges than its parent + process. This bool directly controls + if the no_new_privs flag will be + set on the container process. AllowPrivilegeEscalation + is true always when the container + is: 1) run as Privileged 2) has + CAP_SYS_ADMIN Note that this field + cannot be set when spec.os.name + is windows.' 
+ type: boolean + appArmorProfile: + description: appArmorProfile is the + AppArmor options to use by this + container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set + when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile + indicates a profile loaded on + the node that should be used. + The profile must be preconfigured + on the node to work. Must match + the loaded name of the profile. + Must be set if and only if type + is "Localhost". + type: string + type: + description: 'type indicates which + kind of AppArmor profile will + be applied. Valid options are: + Localhost - a profile pre-loaded + on the node. RuntimeDefault + - the container runtime''s default + profile. Unconfined - no AppArmor + enforcement.' + type: string + required: + - type + type: object + capabilities: + description: The capabilities to add/drop + when running containers. Defaults + to the default set of capabilities + granted by the container runtime. + Note that this field cannot be set + when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: Run container in privileged + mode. Processes in privileged containers + are essentially equivalent to root + on the host. Defaults to false. + Note that this field cannot be set + when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the + type of proc mount to use for the + containers. The default is DefaultProcMount + which uses the container runtime + defaults for readonly paths and + masked paths. 
This requires the + ProcMountType feature flag to be + enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container + has a read-only root filesystem. + Default is false. Note that this + field cannot be set when spec.os.name + is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint + of the container process. Uses runtime + default if unset. May also be set + in PodSecurityContext. If set in + both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. Note that this + field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container + must run as a non-root user. If + true, the Kubelet will validate + the image at runtime to ensure that + it does not run as UID 0 (root) + and fail to start the container + if it does. If unset or false, no + such validation will be performed. + May also be set in PodSecurityContext. If + set in both SecurityContext and + PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint + of the container process. Defaults + to user specified in image metadata + if unspecified. May also be set + in PodSecurityContext. If set in + both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. Note that this + field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to + be applied to the container. If + unspecified, the container runtime + will allocate a random SELinux context + for each container. May also be + set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. 
Note that this + field cannot be set when spec.os.name + is windows. + properties: + level: + description: Level is SELinux + level label that applies to + the container. + type: string + role: + description: Role is a SELinux + role label that applies to the + container. + type: string + type: + description: Type is a SELinux + type label that applies to the + container. + type: string + user: + description: User is a SELinux + user label that applies to the + container. + type: string + type: object + seccompProfile: + description: The seccomp options to + use by this container. If seccomp + options are provided at both the + pod & container level, the container + options override the pod options. + Note that this field cannot be set + when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile + indicates a profile defined + in a file on the node should + be used. The profile must be + preconfigured on the node to + work. Must be a descending path, + relative to the kubelet's configured + seccomp profile location. Must + be set if type is "Localhost". + Must NOT be set for any other + type. + type: string + type: + description: "type indicates which + kind of seccomp profile will + be applied. Valid options are: + \n Localhost - a profile defined + in a file on the node should + be used. RuntimeDefault - the + container runtime default profile + should be used. Unconfined - + no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific + settings applied to all containers. + If unspecified, the options from + the PodSecurityContext will be used. + If set in both SecurityContext and + PodSecurityContext, the value specified + in SecurityContext takes precedence. + Note that this field cannot be set + when spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec + is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the + GMSA credential spec named by + the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName + is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: HostProcess determines + if a container should be run + as a 'Host Process' container. + All of a Pod's containers must + have the same effective HostProcess + value (it is not allowed to + have a mix of HostProcess containers + and non-HostProcess containers). + In addition, if HostProcess + is true then HostNetwork must + also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows + to run the entrypoint of the + container process. Defaults + to the user specified in image + metadata if unspecified. May + also be set in PodSecurityContext. + If set in both SecurityContext + and PodSecurityContext, the + value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that + the Pod has successfully initialized. + If specified, no other probes are executed + until this completes successfully. If + this probe fails, the Pod will be restarted, + just as if the livenessProbe failed. + This can be used to provide different + probe parameters at the beginning of + a Pod''s lifecycle, when it might take + a long time to load data or warm a cache, + than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action + to take. 
+ properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the + command is root ('/') in the + container's filesystem. The + command is simply exec'd, it + is not run inside a shell, so + traditional shell instructions + ('|', etc) won't work. To use + a shell, you need to explicitly + call out to that shell. Exit + status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed + after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action + involving a GRPC port. + properties: + port: + description: Port number of the + gRPC service. Number must be + in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name + of the service to place in the + gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, + the default behavior is defined + by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the + http request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. + You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to + set in the request. HTTP allows + repeated headers. + items: + description: HTTPHeader describes + a custom header to be used + in HTTP probes + properties: + name: + description: The header + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. 
+ type: string + value: + description: The header + field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on + the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of + the port to access on the container. + Number must be in the range + 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for + connecting to the host. Defaults + to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after + the container has started before + liveness probes are initiated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) + to perform the probe. Default to + 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to + 1. Must be 1 for liveness and startup. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an + action involving a TCP port. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of + the port to access on the container. + Number must be in the range + 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in + seconds the pod needs to terminate + gracefully upon probe failure. 
The + grace period is the duration in + seconds after the processes running + in the pod are sent a termination + signal and the time when the processes + are forcibly halted with a kill + signal. Set this value longer than + the expected cleanup time for your + process. If this value is nil, the + pod's terminationGracePeriodSeconds + will be used. Otherwise, this value + overrides the value provided by + the pod spec. Value must be non-negative + integer. The value zero indicates + stop immediately via the kill signal + (no opportunity to shut down). This + is a beta field and requires enabling + ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after + which the probe times out. Defaults + to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should + allocate a buffer for stdin in the container + runtime. If this is not set, reads from + stdin in the container will always result + in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime + should close the stdin channel after + it has been opened by a single attach. + When stdin is true the stdin stream + will remain open across multiple attach + sessions. If stdinOnce is set to true, + stdin is opened on container start, + is empty until the first client attaches + to stdin, and then remains open and + accepts data until the client disconnects, + at which time stdin is closed and remains + closed until the container is restarted. + If this flag is false, a container processes + that reads from stdin will never receive + an EOF. 
Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which + the file to which the container''s termination + message will be written is mounted into + the container''s filesystem. Message + written is intended to be brief final + status, such as an assertion failure + message. Will be truncated by the node + if greater than 4096 bytes. The total + message length across all containers + will be limited to 12kb. Defaults to + /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination + message should be populated. File will + use the contents of terminationMessagePath + to populate the container status message + on both success and failure. FallbackToLogsOnError + will use the last chunk of container + log output if the termination message + file is empty and the container exited + with an error. The log output is limited + to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot + be updated. + type: string + tty: + description: Whether this container should + allocate a TTY for itself, also requires + 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list + of block devices to be used by the container. + items: + description: volumeDevice describes + a mapping of a raw block device within + a container. + properties: + devicePath: + description: devicePath is the path + inside of the container that the + device will be mapped to. + type: string + name: + description: name must match the + name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: Pod volumes to mount into + the container's filesystem. Cannot be + updated. + items: + description: VolumeMount describes a + mounting of a Volume within a container. 
+ properties: + mountPath: + description: Path within the container + at which the volume should be + mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines + how mounts are propagated from + the host to container and the + other way around. When not set, + MountPropagationNone is used. + This field is beta in 1.10. When + RecursiveReadOnly is set to IfPossible + or to Enabled, MountPropagation + must be None or unspecified (which + defaults to None). + type: string + name: + description: This must match the + Name of a Volume. + type: string + readOnly: + description: Mounted read-only if + true, read-write otherwise (false + or unspecified). Defaults to false. + type: boolean + recursiveReadOnly: + description: "RecursiveReadOnly + specifies whether read-only mounts + should be handled recursively. + \n If ReadOnly is false, this + field has no meaning and must + be unspecified. \n If ReadOnly + is true, and this field is set + to Disabled, the mount is not + made recursively read-only. If + this field is set to IfPossible, + the mount is made recursively + read-only, if it is supported + by the container runtime. If + this field is set to Enabled, + the mount is made recursively + read-only if it is supported by + the container runtime, otherwise + the pod will not be started and + an error will be generated to + indicate the reason. \n If this + field is set to IfPossible or + Enabled, MountPropagation must + be set to None (or be unspecified, + which defaults to None). \n If + this field is not specified, it + is treated as an equivalent of + Disabled." + type: string + subPath: + description: Path within the volume + from which the container's volume + should be mounted. Defaults to + "" (volume's root). + type: string + subPathExpr: + description: Expanded path within + the volume from which the container's + volume should be mounted. 
Behaves + similarly to SubPath but environment + variable references $(VAR_NAME) + are expanded using the container's + environment. Defaults to "" (volume's + root). SubPathExpr and SubPath + are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: Container's working directory. + If not specified, the container runtime's + default will be used, which might be + configured in the container image. Cannot + be updated. + type: string + required: + - name + type: object + type: array + lifecycle: + description: Actions that the management system + should take in response to container lifecycle + events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately + after a container is created. If the handler + fails, the container is terminated and + restarted according to its restart policy. + Other management of the container blocks + until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the + command is root ('/') in the + container's filesystem. The command + is simply exec'd, it is not run + inside a shell, so traditional + shell instructions ('|', etc) + won't work. To use a shell, you + need to explicitly call out to + that shell. Exit status of 0 is + treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in + httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the + port to access on the container. + Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the + port to access on the container. + Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately + before a container is terminated due to + an API request or management event such + as liveness/startup probe failure, preemption, + resource contention, etc. The handler + is not called if the container crashes + or exits. The Pod''s termination grace + period countdown begins before the PreStop + hook is executed. Regardless of the outcome + of the handler, the container will eventually + terminate within the Pod''s termination + grace period (unless delayed by finalizers). + Other management of the container blocks + until the hook completes or until the + termination grace period is reached. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the + command is root ('/') in the + container's filesystem. The command + is simply exec'd, it is not run + inside a shell, so traditional + shell instructions ('|', etc) + won't work. To use a shell, you + need to explicitly call out to + that shell. Exit status of 0 is + treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name. 
This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the + port to access on the container. + Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the + port to access on the container. + Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. + Controllers may set default LivenessProbe + if no liveness probe is provided. To ignore + defaulting, set the value to empty LivenessProbe + "{}". Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed + after having succeeded. Defaults to 3. + Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC + service. Number must be in the range + 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of + the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: The header field + name. 
This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number + must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness + probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum + value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number + must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully + upon probe failure. 
The grace period is + the duration in seconds after the processes + running in the pod are sent a termination + signal and the time when the processes + are forcibly halted with a kill signal. + Set this value longer than the expected + cleanup time for your process. If this + value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which + must be true for the pod to fit on a node. + Selector which must match a node''s labels + for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + x-kubernetes-map-type: atomic + podPlacementPolicy: + description: PodPlacementPolicy is the reference + of the podPlacementPolicy + properties: + name: + default: "" + description: 'Name of the referent. This + field is effectively required, but due + to backwards compatibility is allowed + to be empty. Instances of this type with + an empty value here are almost certainly + wrong. TODO: Add other useful fields. + apiVersion, kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when + controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + priority: + description: The priority value. Various system + components use this field to find the priority + of the pod. When Priority Admission Controller + is enabled, it prevents users from setting + this field. The admission controller populates + this field from PriorityClassName. The higher + the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: If specified, indicates the pod's + priority. "system-node-critical" and "system-cluster-critical" + are two special keywords which indicate the + highest priorities with the former being the + highest priority. Any other name must be defined + by creating a PriorityClass object with that + name. If not specified, the pod priority will + be default or zero if there is no default. + type: string + readinessProbe: + description: 'Periodic probe of container service + readiness. Container will be removed from + service endpoints if the probe fails. Cannot + be updated. Controllers may set default ReadinessProbe + if no readyness probe is provided. To ignore + defaulting, set the value to empty ReadynessProbe + "{}". More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. 
+ Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed + after having succeeded. Defaults to 3. + Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC + service. Number must be in the range + 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of + the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: The header field + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number + must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness + probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum + value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number + must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully + upon probe failure. The grace period is + the duration in seconds after the processes + running in the pod are sent a termination + signal and the time when the processes + are forcibly halted with a kill signal. + Set this value longer than the expected + cleanup time for your process. If this + value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). 
+ This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by the + sidecar container. + properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. 
More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass + object in the node.k8s.io group, which should + be used to run this pod. If no RuntimeClass + resource matches the named class, the pod + will not be run. If unset or empty, the "legacy" + RuntimeClass will be used, which is an implicit + class with an empty definition that uses the + default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' + type: string + schedulerName: + description: If specified, the pod will be dispatched + by specified scheduler. If not specified, + the pod will be dispatched by default scheduler. + type: string + securityContext: + description: 'SecurityContext holds pod-level + security attributes and common container settings. + Optional: Defaults to empty. See type description + for default values of each field.' + properties: + appArmorProfile: + description: appArmorProfile is the AppArmor + options to use by the containers in this + pod. Note that this field cannot be set + when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates + a profile loaded on the node that + should be used. The profile must be + preconfigured on the node to work. 
+ Must match the loaded name of the + profile. Must be set if and only if + type is "Localhost". + type: string + type: + description: 'type indicates which kind + of AppArmor profile will be applied. + Valid options are: Localhost - a profile + pre-loaded on the node. RuntimeDefault + - the container runtime''s default + profile. Unconfined - no AppArmor + enforcement.' + type: string + required: + - type + type: object + fsGroup: + description: "A special supplemental group + that applies to all containers in a pod. + Some volume types allow the Kubelet to + change the ownership of that volume to + be owned by the pod: \n 1. The owning + GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume + will be owned by FSGroup) 3. The permission + bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership + and permissions of any volume. Note that + this field cannot be set when spec.os.name + is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines + behavior of changing ownership and permission + of the volume before being exposed inside + Pod. This field will only apply to volume + types which support fsGroup based ownership(and + permissions). It will have no effect on + ephemeral volume types such as: secret, + configmaps and emptydir. Valid values + are "OnRootMismatch" and "Always". If + not specified, "Always" is used. Note + that this field cannot be set when spec.os.name + is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint + of the container process. Uses runtime + default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence for that container. Note + that this field cannot be set when spec.os.name + is windows. 
+ format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container + must run as a non-root user. If true, + the Kubelet will validate the image at + runtime to ensure that it does not run + as UID 0 (root) and fail to start the + container if it does. If unset or false, + no such validation will be performed. + May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint + of the container process. Defaults to + user specified in image metadata if unspecified. + May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence for that container. Note + that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied + to all containers. If unspecified, the + container runtime will allocate a random + SELinux context for each container. May + also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence for that container. Note + that this field cannot be set when spec.os.name + is windows. + properties: + level: + description: Level is SELinux level + label that applies to the container. + type: string + role: + description: Role is a SELinux role + label that applies to the container. + type: string + type: + description: Type is a SELinux type + label that applies to the container. + type: string + user: + description: User is a SELinux user + label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use + by the containers in this pod. Note that + this field cannot be set when spec.os.name + is windows. 
+ properties: + localhostProfile: + description: localhostProfile indicates + a profile defined in a file on the + node should be used. The profile must + be preconfigured on the node to work. + Must be a descending path, relative + to the kubelet's configured seccomp + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. + type: string + type: + description: "type indicates which kind + of seccomp profile will be applied. + Valid options are: \n Localhost - + a profile defined in a file on the + node should be used. RuntimeDefault + - the container runtime default profile + should be used. Unconfined - no profile + should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to + the first process run in each container, + in addition to the container's primary + GID, the fsGroup (if specified), and group + memberships defined in the container image + for the uid of the container process. + If unspecified, no additional groups are + added to any container. Note that group + memberships defined in the container image + for the uid of the container process are + still effective, even if they are not + included in this list. Note that this + field cannot be set when spec.os.name + is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + sysctls: + description: Sysctls hold a list of namespaced + sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might + fail to launch. Note that this field cannot + be set when spec.os.name is windows. 
+ items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to + set + type: string + value: + description: Value of a property to + set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: The Windows specific settings + applied to all containers. If unspecified, + the options within a container's SecurityContext + will be used. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where + the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName + is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: HostProcess determines + if a container should be run as a + 'Host Process' container. All of a + Pod's containers must have the same + effective HostProcess value (it is + not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. + type: boolean + runAsUserName: + description: The UserName in Windows + to run the entrypoint of the container + process. Defaults to the user specified + in image metadata if unspecified. + May also be set in PodSecurityContext. + If set in both SecurityContext and + PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name + of the ServiceAccount to use to run this pod. 
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + shareProcessNamespace: + description: 'Share a single process namespace + between all of the containers in a pod. When + this is set containers will be able to view + and signal processes from other containers + in the same pod, and the first process in + each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both + be set. Optional: Default to false.' + type: boolean + terminationGracePeriodSeconds: + description: Optional duration in seconds the + pod needs to terminate gracefully. May be + decreased in delete request. Value must be + non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). If this value is nil, the default + grace period will be used instead. The grace + period is the duration in seconds after the + processes running in the pod are sent a termination + signal and the time when the processes are + forcibly halted with a kill signal. Set this + value longer than the expected cleanup time + for your process. Defaults to 30 seconds. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the + triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match all + taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that + the toleration applies to. Empty means + match all taint keys. If the key is + empty, operator must be Exists; this + combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. 
Defaults to Equal. + Exists is equivalent to wildcard for + value, so that a pod can tolerate all + taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise + this field is ignored) tolerates the + taint. By default, it is not set, which + means tolerate the taint forever (do + not evict). Zero and negative values + will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value + the toleration matches to. If the operator + is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes + how a group of pods ought to spread across + topology domains. Scheduler will schedule + pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies + how to spread matching pods among the given + topology. + properties: + labelSelector: + description: LabelSelector is used to + find matching pods. Pods that match + this label selector are counted to determine + the number of pods in their corresponding + topology domain. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. 
If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set + of pod label keys to select the pods + over which spreading will be calculated. + The keys are used to lookup values from + the incoming pod labels, those key-value + labels are ANDed with labelSelector + to select the group of existing pods + over which spreading will be calculated + for the incoming pod. The same key is + forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. + Keys that don't exist in the incoming + pod labels will be ignored. A null or + empty list means only match against + labelSelector. \n This is a beta field + and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree + to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference + between the number of matching pods + in the target topology and the global + minimum. 
The global minimum is the minimum + number of matching pods in an eligible + domain or zero if the number of eligible + domains is less than MinDomains. For + example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same + labelSelector spread as 2/2/1: In this + case, the global minimum is 1. | zone1 + | zone2 | zone3 | | P P | P P | P | + - if MaxSkew is 1, incoming pod can + only be scheduled to zone3 to become + 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). - if MaxSkew is + 2, incoming pod can be scheduled onto + any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence + to topologies that satisfy it. It''s + a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum + number of eligible domains. When the + number of eligible domains with matching + topology keys is less than minDomains, + Pod Topology Spread treats \"global + minimum\" as 0, and then the calculation + of Skew is performed. And when the number + of eligible domains with matching topology + keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible + domains is less than minDomains, scheduler + won't schedule more than maxSkew Pods + to those domains. If value is nil, the + constraint behaves as if MinDomains + is equal to 1. Valid values are integers + greater than 0. When value is not nil, + WhenUnsatisfiable must be DoNotSchedule. + \n For example, in a 3-zone cluster, + MaxSkew is set to 2, MinDomains is set + to 5 and pods with the same labelSelector + spread as 2/2/2: | zone1 | zone2 | zone3 + | | P P | P P | P P | The number + of domains is less than 5(MinDomains), + so \"global minimum\" is treated as + 0. 
In this situation, new pod with the + same labelSelector cannot be scheduled, + because computed skew will be 3(3 - + 0) if new Pod is scheduled to any of + the three zones, it will violate MaxSkew." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates + how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread + skew. Options are: - Honor: only nodes + matching nodeAffinity/nodeSelector are + included in the calculations. - Ignore: + nodeAffinity/nodeSelector are ignored. + All nodes are included in the calculations. + \n If this value is nil, the behavior + is equivalent to the Honor policy. This + is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates + how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along + with tainted nodes for which the incoming + pod has a toleration, are included. + - Ignore: node taints are ignored. All + nodes are included. \n If this value + is nil, the behavior is equivalent to + the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of + node labels. Nodes that have a label + with this key and identical values are + considered to be in the same topology. + We consider each as a "bucket", + and try to put balanced number of pods + into each bucket. We define a domain + as a particular instance of a topology. + Also, we define an eligible domain as + a domain whose nodes meet the requirements + of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. 
+ It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates + how to deal with a pod if it doesn''t + satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to + schedule it. - ScheduleAnyway tells + the scheduler to schedule the pod in + any location, but giving higher precedence + to topologies that would help reduce + the skew. A constraint is considered + "Unsatisfiable" for an incoming pod + if and only if every possible node assignment + for that pod would violate "MaxSkew" + on some topology. For example, in a + 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 + | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) + to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still + be imbalanced, but scheduler won''t + make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: Path within the container + at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines + how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is + used. This field is beta in 1.10. When + RecursiveReadOnly is set to IfPossible + or to Enabled, MountPropagation must + be None or unspecified (which defaults + to None). 
+ type: string + name: + description: This must match the Name + of a Volume. + type: string + readOnly: + description: Mounted read-only if true, + read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: "RecursiveReadOnly specifies + whether read-only mounts should be handled + recursively. \n If ReadOnly is false, + this field has no meaning and must be + unspecified. \n If ReadOnly is true, + and this field is set to Disabled, the + mount is not made recursively read-only. + \ If this field is set to IfPossible, + the mount is made recursively read-only, + if it is supported by the container + runtime. If this field is set to Enabled, + the mount is made recursively read-only + if it is supported by the container + runtime, otherwise the pod will not + be started and an error will be generated + to indicate the reason. \n If this field + is set to IfPossible or Enabled, MountPropagation + must be set to None (or be unspecified, + which defaults to None). \n If this + field is not specified, it is treated + as an equivalent of Disabled." + type: string + subPath: + description: Path within the volume from + which the container's volume should + be mounted. Defaults to "" (volume's + root). + type: string + subPathExpr: + description: Expanded path within the + volume from which the container's volume + should be mounted. Behaves similarly + to SubPath but environment variable + references $(VAR_NAME) are expanded + using the container's environment. Defaults + to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: 'List of volumes that can be mounted + by containers belonging to the pod. More info: + https://kubernetes.io/docs/concepts/storage/volumes' + items: + description: Volume represents a named volume + in a pod that may be accessed by any container + in the pod. 
+ properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents + an AWS Disk resource that is attached + to a kubelet''s host machine and then + exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem + type of the volume that you want + to mount. Tip: Ensure that the filesystem + type is supported by the host operating + system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be + "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in + the filesystem from compromising + the machine' + type: string + partition: + description: 'partition is the partition + in the volume that you want to mount. + If omitted, the default is to mount + by volume name. Examples: For volume + /dev/sda1, you specify the partition + as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can + leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true + will force the readOnly setting + in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID + of the persistent disk resource + in AWS (Amazon EBS volume). More + info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure + Data Disk mount on the host and bind + mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host + Caching mode: None, Read Only, Read + Write.' 
+ type: string + diskName: + description: diskName is the Name + of the data disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of + data disk in the blob storage + type: string + fsType: + description: fsType is Filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. + type: string + kind: + description: 'kind expected values + are Shared: multiple blob disks + per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in + managed availability set). defaults + to shared' + type: string + readOnly: + description: readOnly Defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure + File Service mount on the host and bind + mount to the pod. + properties: + readOnly: + description: readOnly defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name + of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: shareName is the azure + share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph + FS mount on the host that shares a pod's + lifetime + properties: + monitors: + description: 'monitors is Required: + Monitors is a collection of Ceph + monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used + as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: + Defaults to false (read/write). + ReadOnly here will force the ReadOnly + setting in VolumeMounts. More info: + https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: + SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: + SecretRef is reference to the authentication + secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: User + is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder + volume attached and mounted on kubelets + host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be + "ext4" if unspecified. More info: + https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: + points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify + the volume in cinder. More info: + https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: 'defaultMode is optional: + mode bits used to set permissions + on created files by default. Must + be an octal value between 0000 and + 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. Defaults + to 0644. Directories within the + path are not affected by this setting. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, + each key-value pair in the Data + field of the referenced ConfigMap + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, + the listed keys will be projected + into the specified paths, and unlisted + keys will not be present. If a key + is specified which is not present + in the ConfigMap, the volume setup + will error unless it is marked optional. + Paths must be relative and may not + contain the '..' path or start with + '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an octal + value between 0000 and 0777 + or a decimal value between + 0 and 511. YAML accepts both + octal and decimal values, + JSON requires decimal values + for mode bits. If not specified, + the volume defaultMode will + be used. 
This might be in + conflict with other options + that affect the file mode, + like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map the + key to. May not be an absolute + path. May not contain the + path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. apiVersion, + kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t need + it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) + represents ephemeral storage that is + handled by certain external CSI drivers + (Beta feature). + properties: + driver: + description: driver is the name of + the CSI driver that handles this + volume. Consult with your admin + for the correct name as registered + in the cluster. + type: string + fsType: + description: fsType to mount. Ex. + "ext4", "xfs", "ntfs". If not provided, + the empty value is passed to the + associated CSI driver which will + determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef + is a reference to the secret object + containing sensitive information + to pass to the CSI driver to complete + the CSI NodePublishVolume and NodeUnpublishVolume + calls. 
This field is optional, and may + be empty if no secret is required. + If the secret object contains more + than one secret, all secret references + are passed. + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: readOnly specifies a + read-only configuration for the + volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores + driver-specific properties that + are passed to the CSI driver. Consult + your driver's documentation for + supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward + API about the pod that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits + to use on created files by default. + Must be a Optional: mode bits used + to set permissions on created files + by default. Must be an octal value + between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts + both octal and decimal values, JSON + requires decimal values for mode + bits. Defaults to 0644. Directories + within the path are not affected + by this setting. This might be in + conflict with other options that + affect the file mode, like fsGroup, + and the result can be other mode + bits set.' 
+ format: int32 + type: integer + items: + description: Items is a list of downward + API volume file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name, namespace and + uid are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode + bits used to set permissions + on this file, must be an octal + value between 0000 and 0777 + or a decimal value between + 0 and 511. YAML accepts both + octal and decimal values, + JSON requires decimal values + for mode bits. If not specified, + the volume defaultMode will + be used. This might be in + conflict with other options + that affect the file mode, + like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or contain + the ''..'' path. Must be utf-8 + encoded. The first item of + the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource + of the container: only resources + limits and requests (limits.cpu, + limits.memory, requests.cpu + and requests.memory) are currently + supported.' 
+ properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the + output format of the exposed + resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: 'emptyDir represents a temporary + directory that shares a pod''s lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what + type of storage medium should back + this directory. The default is "" + which means to use the node''s default + medium. Must be an empty string + (default) or Memory. More info: + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total + amount of local storage required + for this EmptyDir volume. The size + limit is also applicable for memory + medium. The maximum usage on memory + medium EmptyDir would be the minimum + value between the SizeLimit specified + here and the sum of memory limits + of all containers in a pod. The + default is nil which means that + the limit is undefined. More info: + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume + that is handled by a cluster storage + driver. 
The volume's lifecycle is tied + to the pod that defines it - it will + be created before the pod starts, and + deleted when the pod is removed. \n + Use this if: a) the volume is only needed + while the pod runs, b) features of normal + volumes like restoring from snapshot + or capacity tracking are needed, c) + the storage driver is specified through + a storage class, and d) the storage + driver supports dynamic volume provisioning + through a PersistentVolumeClaim (see + EphemeralVolumeSource for more information + on the connection between this volume + type and PersistentVolumeClaim). \n + Use PersistentVolumeClaim or one of + the vendor-specific APIs for volumes + that persist for longer than the lifecycle + of an individual pod. \n Use CSI for + light-weight local ephemeral volumes + if the CSI driver is meant to be used + that way - see the documentation of + the driver for more information. \n + A pod can use both types of ephemeral + volumes and persistent volumes at the + same time." + properties: + volumeClaimTemplate: + description: "Will be used to create + a stand-alone PVC to provision the + volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of + the PVC, i.e. the PVC will be deleted + together with the pod. The name + of the PVC will be `-` where `` is + the name from the `PodSpec.Volumes` + array entry. Pod validation will + reject the pod if the concatenated + name is not valid for a PVC (for + example, too long). \n An existing + PVC with that name that is not owned + by the pod will *not* be used for + the pod to avoid using an unrelated + volume by mistake. Starting the + pod is then blocked until the unrelated + PVC is removed. If such a pre-created + PVC is meant to be used by the pod, + the PVC has to updated with an owner + reference to the pod once the pod + exists. Normally this should not + be necessary, but it may be useful + when manually reconstructing a broken + cluster. 
\n This field is read-only + and no changes will be made by Kubernetes + to the PVC after it has been created. + \n Required, must not be nil." + properties: + metadata: + description: May contain labels + and annotations that will be + copied into the PVC when creating + it. No other fields are allowed + and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations + is an unstructured key value + map stored with a resource + that may be set by external + tools to store and retrieve + arbitrary metadata. They + are not queryable and should + be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName + is an optional prefix, used + by the server, to generate + a unique name ONLY IF the + Name field has not been + provided. If this field + is used, the name returned + to the client will be different + than the name passed. This + value will also be combined + with a unique suffix. The + provided value has the same + validation rules as the + Name field, and may be truncated + by the length of the suffix + required to make the value + unique on the server. \n + If this field is specified + and the generated name exists, + the server will NOT return + a 409 - instead, it will + either return 201 Created + or 500 with Reason ServerTimeout + indicating a unique name + could not be found in the + time allotted, and the client + should retry (optionally + after the time indicated + in the Retry-After header). + \n Applied only if Name + is not specified. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + type: string + labels: + additionalProperties: + type: string + description: 'Map of string + keys and values that can + be used to organize and + categorize (scope and select) + objects. 
May match selectors + of replication controllers + and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be + unique within a namespace. + Is required when creating + resources, although some + resources may allow a client + to request the generation + of an appropriate name automatically. + Name is primarily intended + for creation idempotence + and configuration definition. + Cannot be updated. More + info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: "Namespace defines + the space within each name + must be unique. An empty + namespace is equivalent + to the \"default\" namespace, + but \"default\" is the canonical + representation. Not all + objects are required to + be scoped to a namespace + - the value of this field + for those objects will be + empty. \n Must be a DNS_LABEL. + Cannot be updated. More + info: http://kubernetes.io/docs/user-guide/namespaces" + type: string + ownerReferences: + description: List of objects + depended by this object. + If ALL objects in the list + have been deleted, this + object will be garbage collected. + If this object is managed + by a controller, then an + entry in this list will + point to this controller, + with the controller field + set to true. There cannot + be more than one managing + controller. + items: + description: OwnerReference + contains enough information + to let you identify an + owning object. An owning + object must be in the + same namespace as the + dependent, or be cluster-scoped, + so there is no namespace + field. + properties: + apiVersion: + description: API version + of the referent. + type: string + blockOwnerDeletion: + description: If true, + AND if the owner has + the "foregroundDeletion" + finalizer, then the + owner cannot be deleted + from the key-value + store until this reference + is removed. 
See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage + collector interacts + with this field and + enforces the foreground + deletion. Defaults + to false. To set this + field, a user needs + "delete" permission + of the owner, otherwise + 422 (Unprocessable + Entity) will be returned. + type: boolean + controller: + description: If true, + this reference points + to the managing controller. + type: boolean + kind: + description: 'Kind of + the referent. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of + the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of + the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + description: The specification + for the PersistentVolumeClaim. + The entire content is copied + unchanged into the PVC that + gets created from this template. + The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: 'accessModes + contains the desired access + modes the volume should + have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: 'dataSource field + can be used to specify either: + * An existing VolumeSnapshot + object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an + external controller can + support the specified data + source, it will create a + new volume based on the + contents of the specified + data source. 
When the AnyVolumeDataSource + feature gate is enabled, + dataSource contents will + be copied to dataSourceRef, + and dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup + is the group for the + resource being referenced. + If APIGroup is not specified, + the specified Kind must + be in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef + specifies the object from + which to populate the volume + with data, if a non-empty + volume is desired. This + may be any object from a + non-empty API group (non + core object) or a PersistentVolumeClaim + object. When this field + is specified, volume binding + will only succeed if the + type of the specified object + matches some installed volume + populator or dynamic provisioner. + This field will replace + the functionality of the + dataSource field and as + such if both fields are + non-empty, they must have + the same value. For backwards + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will + be set to the same value + automatically if one of + them is empty and the other + is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to + the same value and must + be empty. 
There are three + important differences between + dataSource and dataSourceRef: + * While dataSource only + allows two specific types + of objects, dataSourceRef + allows any non-core object, + as well as PersistentVolumeClaim + objects. * While dataSource + ignores disallowed values + (dropping them), dataSourceRef + preserves all values, and + generates an error if a + disallowed value is specified. + * While dataSource only + allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field + requires the AnyVolumeDataSource + feature gate to be enabled. + (Alpha) Using the namespace + field of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup + is the group for the + resource being referenced. + If APIGroup is not specified, + the specified Kind must + be in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the + reference. See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents + the minimum resources the + volume should have. If RecoverVolumeExpansionFailure + feature is enabled users + are allowed to specify resource + requirements that are lower + than previous value but + must still be higher than + capacity recorded in the + status field of the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes + the maximum amount of + compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests + describes the minimum + amount of compute resources + required. If Requests + is omitted for a container, + it defaults to Limits + if that is explicitly + specified, otherwise + to an implementation-defined + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a + label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, a + key, and an operator + that relates the key + and values. + properties: + key: + description: key + is the label key + that the selector + applies to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values + is an array of + string values. + If the operator + is In or NotIn, + the values array + must be non-empty. 
+ If the operator + is Exists or DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an + element of matchExpressions, + whose key field is "key", + the operator is "In", + and the values array + contains only "value". + The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName + is the name of the StorageClass + required by the claim. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the + claim is created. An empty + string value means that + no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to + reset this field to empty + string once it is set. If + unspecified and the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass will + be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by the + modifyVolumeStatus field, + until such as a resource + exists. 
More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string + volumeMode: + description: volumeMode defines + what type of volume is required + by the claim. Value of Filesystem + is implied when not included + in claim spec. + type: string + volumeName: + description: volumeName is + the binding reference to + the PersistentVolume backing + this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel + resource that is attached to a kubelet's + host machine and then exposed to the + pod. + properties: + fsType: + description: 'fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. TODO: how do we + prevent errors in the filesystem + from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC + target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: + Defaults to false (read/write). + ReadOnly here will force the ReadOnly + setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: + FC target worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: 'wwids Optional: FC volume + world wide identifiers (wwids) Either + wwids or combination of targetWWNs + and lun must be set, but not both + simultaneously.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: flexVolume represents a generic + volume resource that is provisioned/attached + using an exec based plugin. + properties: + driver: + description: driver is the name of + the driver to use for this volume. 
+ type: string + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + The default filesystem depends on + FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: + this field holds extra command options + if any.' + type: object + readOnly: + description: 'readOnly is Optional: + defaults to false (read/write). + ReadOnly here will force the ReadOnly + setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: + secretRef is reference to the secret + object containing sensitive information + to pass to the plugin scripts. This + may be empty if no secret object + is specified. If the secret object + contains more than one secret, all + secrets are passed to the plugin + scripts.' + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker + volume attached to a kubelet's host + machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: datasetName is Name of + the dataset stored as metadata -> + name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID + of the dataset. 
This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents + a GCE Disk resource that is attached + to a kubelet''s host machine and then + exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem + type of the volume that you want + to mount. Tip: Ensure that the filesystem + type is supported by the host operating + system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be + "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in + the filesystem from compromising + the machine' + type: string + partition: + description: 'partition is the partition + in the volume that you want to mount. + If omitted, the default is to mount + by volume name. Examples: For volume + /dev/sda1, you specify the partition + as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can + leave the property empty). More + info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name + of the PD resource in GCE. Used + to identify the disk in GCE. More + info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force + the ReadOnly setting in VolumeMounts. + Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs + mount on the host that shares a pod''s + lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint + name that details Glusterfs topology. 
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs + volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force + the Glusterfs volume to be mounted + with read-only permissions. Defaults + to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing + file or directory on the host machine + that is directly exposed to the container. + This is generally used for system agents + or other privileged things that are + allowed to see the host machine. Most + containers will NOT need this. More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict + who can use host directory mounts and + who can/can not mount host directories + as read/write.' + properties: + path: + description: 'path of the directory + on the host. If the path is a symlink, + it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume + Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI + Disk resource that is attached to a + kubelet''s host machine and then exposed + to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines + whether support iSCSI Discovery + CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines + whether support iSCSI Session CHAP + authentication + type: boolean + fsType: + description: 'fsType is the filesystem + type of the volume that you want + to mount. Tip: Ensure that the filesystem + type is supported by the host operating + system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be + "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in + the filesystem from compromising + the machine' + type: string + initiatorName: + description: initiatorName is the + custom iSCSI Initiator Name. If + initiatorName is specified with + iscsiInterface simultaneously, new + iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI + Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the + interface Name that uses an iSCSI + transport. Defaults to 'default' + (tcp). + type: string + lun: + description: lun represents iSCSI + Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI + Target Portal List. The portal is + either an IP or ip_addr:port if + the port is other than default (typically + TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: readOnly here will force + the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP + Secret for iSCSI target and initiator + authentication + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. 
Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: targetPortal is iSCSI + Target Portal. The Portal is either + an IP or ip_addr:port if the port + is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must + be a DNS_LABEL and unique within the + pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount + on the host that shares a pod''s lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported + by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force + the NFS export to be mounted with + read-only permissions. Defaults + to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname + or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource + represents a reference to a PersistentVolumeClaim + in the same namespace. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name + of a PersistentVolumeClaim in the + same namespace as the pod using + this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the + ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents + a PhotonController persistent disk attached + and mounted on kubelets host machine + properties: + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. + type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents + a portworx volume attached and mounted + on kubelets host machine + properties: + fsType: + description: fSType represents the + filesystem type to mount Must be + a filesystem type supported by the + host operating system. Ex. "ext4", + "xfs". Implicitly inferred to be + "ext4" if unspecified. + type: string + readOnly: + description: readOnly defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in + one resources secrets, configmaps, and + downward API + properties: + defaultMode: + description: defaultMode are the mode + bits used to set permissions on + created files by default. 
Must be + an octal value between 0000 and + 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. Directories + within the path are not affected + by this setting. This might be in + conflict with other options that + affect the file mode, like fsGroup, + and the result can be other mode + bits set. + format: int32 + type: integer + sources: + description: sources is the list of + volume projections + items: + description: Projection that may + be projected along with other + supported volume types + properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization of + the PEM contents written into + the pod filesystem. Esoteric + PEM features such as inter-block + comments and block headers + are stripped. Certificates + are deduplicated. The ordering + of certificates within the + file is arbitrary, and Kubelet + may change the order over + time." + properties: + labelSelector: + description: Select all + ClusterTrustBundles that + match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. 
+ type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by + object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If + using name, then the named + ClusterTrustBundle is + allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles that + match this signer name. + Mutually-exclusive with + name. The contents of + all selected ClusterTrustBundles + will be unified and deduplicated. 
+ type: string + required: + - path + type: object + configMap: + description: configMap information + about the configMap data to + project + properties: + items: + description: items if unspecified, + each key-value pair in + the Data field of the + referenced ConfigMap will + be projected into the + volume as a file whose + name is the key and content + is the value. If specified, + the listed keys will be + projected into the specified + paths, and unlisted keys + will not be present. If + a key is specified which + is not present in the + ConfigMap, the volume + setup will error unless + it is marked optional. + Paths must be relative + and may not contain the + '..' path or start with + '..'. + items: + description: Maps a string + key to a path within + a volume. + properties: + key: + description: key is + the key to project. + type: string + mode: + description: 'mode + is Optional: mode + bits used to set + permissions on this + file. Must be an + octal value between + 0000 and 0777 or + a decimal value + between 0 and 511. + YAML accepts both + octal and decimal + values, JSON requires + decimal values for + mode bits. If not + specified, the volume + defaultMode will + be used. This might + be in conflict with + other options that + affect the file + mode, like fsGroup, + and the result can + be other mode bits + set.' + format: int32 + type: integer + path: + description: path + is the relative + path of the file + to map the key to. + May not be an absolute + path. May not contain + the path element + '..'. May not start + with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: 'Name of the + referent. This field is + effectively required, + but due to backwards compatibility + is allowed to be empty. + Instances of this type + with an empty value here + are almost certainly wrong. + TODO: Add other useful + fields. apiVersion, kind, + uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: optional specify + whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data + to project + properties: + items: + description: Items is a + list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile + represents information + to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: + Selects a field + of the pod: only + annotations, labels, + name, namespace + and uid are supported.' + properties: + apiVersion: + description: Version + of the schema + the FieldPath + is written in + terms of, defaults + to "v1". + type: string + fieldPath: + description: Path + of the field + to select in + the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: + mode bits used to + set permissions + on this file, must + be an octal value + between 0000 and + 0777 or a decimal + value between 0 + and 511. YAML accepts + both octal and decimal + values, JSON requires + decimal values for + mode bits. If not + specified, the volume + defaultMode will + be used. This might + be in conflict with + other options that + affect the file + mode, like fsGroup, + and the result can + be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: + Path is the relative + path name of the + file to be created. + Must not be absolute + or contain the ''..'' + path. Must be utf-8 + encoded. 
The first + item of the relative + path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects + a resource of the + container: only + resources limits + and requests (limits.cpu, + limits.memory, requests.cpu + and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container + name: required + for volumes, + optional for + env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format + of the exposed + resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information + about the secret data to project + properties: + items: + description: items if unspecified, + each key-value pair in + the Data field of the + referenced Secret will + be projected into the + volume as a file whose + name is the key and content + is the value. If specified, + the listed keys will be + projected into the specified + paths, and unlisted keys + will not be present. If + a key is specified which + is not present in the + Secret, the volume setup + will error unless it is + marked optional. Paths + must be relative and may + not contain the '..' path + or start with '..'. + items: + description: Maps a string + key to a path within + a volume. + properties: + key: + description: key is + the key to project. + type: string + mode: + description: 'mode + is Optional: mode + bits used to set + permissions on this + file. Must be an + octal value between + 0000 and 0777 or + a decimal value + between 0 and 511. 
+ YAML accepts both + octal and decimal + values, JSON requires + decimal values for + mode bits. If not + specified, the volume + defaultMode will + be used. This might + be in conflict with + other options that + affect the file + mode, like fsGroup, + and the result can + be other mode bits + set.' + format: int32 + type: integer + path: + description: path + is the relative + path of the file + to map the key to. + May not be an absolute + path. May not contain + the path element + '..'. May not start + with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: 'Name of the + referent. This field is + effectively required, + but due to backwards compatibility + is allowed to be empty. + Instances of this type + with an empty value here + are almost certainly wrong. + TODO: Add other useful + fields. apiVersion, kind, + uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: optional field + specify whether the Secret + or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken + is information about the serviceAccountToken + data to project + properties: + audience: + description: audience is + the intended audience + of the token. A recipient + of a token must identify + itself with an identifier + specified in the audience + of the token, and otherwise + should reject the token. + The audience defaults + to the identifier of the + apiserver. + type: string + expirationSeconds: + description: expirationSeconds + is the requested duration + of validity of the service + account token. 
As the + token approaches expiration, + the kubelet volume plugin + will proactively rotate + the service account token. + The kubelet will start + trying to rotate the token + if the token is older + than 80 percent of its + time to live or if the + token is older than 24 + hours.Defaults to 1 hour + and must be at least 10 + minutes. + format: int64 + type: integer + path: + description: path is the + path relative to the mount + point of the file to project + the token into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte + mount on the host that shares a pod's + lifetime + properties: + group: + description: group to map volume access + to Default is no group + type: string + readOnly: + description: readOnly here will force + the Quobyte volume to be mounted + with read-only permissions. Defaults + to false. + type: boolean + registry: + description: registry represents a + single or multiple Quobyte Registry + services specified as a string as + host:port pair (multiple entries + are separated with commas) which + acts as the central registry for + volumes + type: string + tenant: + description: tenant owning the given + Quobyte volume in the Backend Used + with dynamically provisioned Quobyte + volumes, value is set by the plugin + type: string + user: + description: user to map volume access + to Defaults to serivceaccount user + type: string + volume: + description: volume is a string that + references an already created Quobyte + volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block + Device mount on the host that shares + a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem + type of the volume that you want + to mount. 
Tip: Ensure that the filesystem + type is supported by the host operating + system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be + "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in + the filesystem from compromising + the machine' + type: string + image: + description: 'image is the rados image + name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path + to key ring for RBDUser. Default + is /etc/ceph/keyring. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection + of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + description: 'pool is the rados pool + name. Default is rbd. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force + the ReadOnly setting in VolumeMounts. + Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of + the authentication secret for RBDUser. + If provided overrides keyring. Default + is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is the rados user + name. Default is admin. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO + persistent volume attached and mounted + on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address + of the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the + name of the ScaleIO Protection Domain + for the configured storage. + type: string + readOnly: + description: readOnly Defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretRef: + description: secretRef references + to the secret for ScaleIO user and + other sensitive information. If + this is not provided, Login operation + will fail. + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, + default false + type: boolean + storageMode: + description: storageMode indicates + whether the storage for a volume + should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO + Storage Pool associated with the + protection domain. + type: string + system: + description: system is the name of + the storage system as configured + in ScaleIO. + type: string + volumeName: + description: volumeName is the name + of a volume already created in the + ScaleIO system that is associated + with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret + that should populate this volume. More + info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: + mode bits used to set permissions + on created files by default. Must + be an octal value between 0000 and + 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. Defaults + to 0644. Directories within the + path are not affected by this setting. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, + each key-value pair in the Data + field of the referenced Secret will + be projected into the volume as + a file whose name is the key and + content is the value. If specified, + the listed keys will be projected + into the specified paths, and unlisted + keys will not be present. 
If a key + is specified which is not present + in the Secret, the volume setup + will error unless it is marked optional. + Paths must be relative and may not + contain the '..' path or start with + '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an octal + value between 0000 and 0777 + or a decimal value between + 0 and 511. YAML accepts both + octal and decimal values, + JSON requires decimal values + for mode bits. If not specified, + the volume defaultMode will + be used. This might be in + conflict with other options + that affect the file mode, + like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map the + key to. May not be an absolute + path. May not contain the + path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify + whether the Secret or its keys must + be defined + type: boolean + secretName: + description: 'secretName is the name + of the secret in the pod''s namespace + to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes + nodes. + properties: + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. 
+ type: boolean + secretRef: + description: secretRef specifies the + secret to use for obtaining the + StorageOS API credentials. If not + specified, default values will be + attempted. + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: volumeName is the human-readable + name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies + the scope of the volume within StorageOS. If + no namespace is specified then the + Pod's namespace will be used. This + allows the Kubernetes name scoping + to be mirrored within StorageOS + for tighter integration. Set VolumeName + to any name to override the default + behaviour. Set to "default" if you + are not using namespaces within + StorageOS. Namespaces that do not + pre-exist within StorageOS will + be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents + a vSphere volume attached and mounted + on kubelets host machine + properties: + fsType: + description: fsType is filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the + storage Policy Based Management + (SPBM) profile ID associated with + the StoragePolicyName. 
+ type: string + storagePolicyName: + description: storagePolicyName is + the storage Policy Based Management + (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path + that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + type: object + name: + description: Name specifies the name of the addon that + will be used for the backup/restore purpose + type: string + tasks: + description: Tasks specifies a list of backup/restore + tasks and their configuration parameters + items: + description: TaskReference specifies a task and its + configuration parameters + properties: + addonVolumes: + description: AddonVolumes lets you overwrite the + volume sources used in the VolumeTemplate section + of Addon. Make sure that name of your volume + matches with the name of the volume you want + to overwrite. + items: + description: AddonVolumeInfo specifies the name + and the source of volume + properties: + name: + description: Name specifies the name of + the volume + type: string + source: + description: Source specifies the source + of this volume. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents + an AWS Disk resource that is attached + to a kubelet''s host machine and then + exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem + type of the volume that you want + to mount. Tip: Ensure that the + filesystem type is supported by + the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors + in the filesystem from compromising + the machine' + type: string + partition: + description: 'partition is the partition + in the volume that you want to + mount. If omitted, the default + is to mount by volume name. Examples: + For volume /dev/sda1, you specify + the partition as "1". Similarly, + the volume partition for /dev/sda + is "0" (or you can leave the property + empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true + will force the readOnly setting + in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique + ID of the persistent disk resource + in AWS (Amazon EBS volume). More + info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an + Azure Data Disk mount on the host + and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the + Host Caching mode: None, Read + Only, Read Write.' + type: string + diskName: + description: diskName is the Name + of the data disk in the blob storage + type: string + diskURI: + description: diskURI is the URI + of data disk in the blob storage + type: string + fsType: + description: fsType is Filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. + type: string + kind: + description: 'kind expected values + are Shared: multiple blob disks + per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only + in managed availability set). 
+ defaults to shared' + type: string + readOnly: + description: readOnly Defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an + Azure File Service mount on the host + and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretName: + description: secretName is the name + of secret that contains Azure + Storage Account Name and Key + type: string + shareName: + description: shareName is the azure + share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph + FS mount on the host that shares a + pod's lifetime + properties: + monitors: + description: 'monitors is Required: + Monitors is a collection of Ceph + monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: + Used as the mounted root, rather + than the full Ceph tree, default + is /' + type: string + readOnly: + description: 'readOnly is Optional: + Defaults to false (read/write). + ReadOnly here will force the ReadOnly + setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: + SecretFile is the path to key + ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: + SecretRef is reference to the + authentication secret for User, + default is empty. 
More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: + User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder + volume attached and mounted on kubelets + host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to + be "ext4" if unspecified. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults + to false (read/write). ReadOnly + here will force the ReadOnly setting + in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: + points to a secret object containing + parameters used to connect to + OpenStack.' + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. 
Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify + the volume in cinder. More info: + https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a + configMap that should populate this + volume + properties: + defaultMode: + description: 'defaultMode is optional: + mode bits used to set permissions + on created files by default. Must + be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. + Defaults to 0644. Directories + within the path are not affected + by this setting. This might be + in conflict with other options + that affect the file mode, like + fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, + each key-value pair in the Data + field of the referenced ConfigMap + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, + the listed keys will be projected + into the specified paths, and + unlisted keys will not be present. + If a key is specified which is + not present in the ConfigMap, + the volume setup will error unless + it is marked optional. Paths must + be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. 
+ type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an + octal value between 0000 + and 0777 or a decimal value + between 0 and 511. YAML + accepts both octal and decimal + values, JSON requires decimal + values for mode bits. If + not specified, the volume + defaultMode will be used. + This might be in conflict + with other options that + affect the file mode, like + fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map + the key to. May not be an + absolute path. May not contain + the path element '..'. May + not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t need + it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage + Interface) represents ephemeral storage + that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: driver is the name + of the CSI driver that handles + this volume. Consult with your + admin for the correct name as + registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. + "ext4", "xfs", "ntfs". 
If not + provided, the empty value is passed + to the associated CSI driver which + will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef + is a reference to the secret object + containing sensitive information + to pass to the CSI driver to complete + the CSI NodePublishVolume and + NodeUnpublishVolume calls. This + field is optional, and may be + empty if no secret is required. + If the secret object contains + more than one secret, all secret + references are passed. + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: readOnly specifies + a read-only configuration for + the volume. Defaults to false + (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores + driver-specific properties that + are passed to the CSI driver. + Consult your driver's documentation + for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents + downward API about the pod that should + populate this volume + properties: + defaultMode: + description: 'Optional: mode bits + to use on created files by default. + Must be a Optional: mode bits + used to set permissions on created + files by default. Must be an octal + value between 0000 and 0777 or + a decimal value between 0 and + 511. 
YAML accepts both octal and + decimal values, JSON requires + decimal values for mode bits. + Defaults to 0644. Directories + within the path are not affected + by this setting. This might be + in conflict with other options + that affect the file mode, like + fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of + downward API volume file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod + field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only + annotations, labels, name, + namespace and uid are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode + bits used to set permissions + on this file, must be an + octal value between 0000 + and 0777 or a decimal value + between 0 and 511. YAML + accepts both octal and decimal + values, JSON requires decimal + values for mode bits. If + not specified, the volume + defaultMode will be used. + This might be in conflict + with other options that + affect the file mode, like + fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or + contain the ''..'' path. + Must be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource + of the container: only resources + limits and requests (limits.cpu, + limits.memory, requests.cpu + and requests.memory) are + currently supported.' 
+ properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format of + the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: 'emptyDir represents a + temporary directory that shares a + pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents + what type of storage medium should + back this directory. The default + is "" which means to use the node''s + default medium. Must be an empty + string (default) or Memory. More + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total + amount of local storage required + for this EmptyDir volume. The + size limit is also applicable + for memory medium. The maximum + usage on memory medium EmptyDir + would be the minimum value between + the SizeLimit specified here and + the sum of memory limits of all + containers in a pod. The default + is nil which means that the limit + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a + volume that is handled by a cluster + storage driver. 
The volume's lifecycle + is tied to the pod that defines it + - it will be created before the pod + starts, and deleted when the pod is + removed. \n Use this if: a) the volume + is only needed while the pod runs, + b) features of normal volumes like + restoring from snapshot or capacity + tracking are needed, c) the storage + driver is specified through a storage + class, and d) the storage driver supports + dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection + between this volume type and PersistentVolumeClaim). + \n Use PersistentVolumeClaim or one + of the vendor-specific APIs for volumes + that persist for longer than the lifecycle + of an individual pod. \n Use CSI for + light-weight local ephemeral volumes + if the CSI driver is meant to be used + that way - see the documentation of + the driver for more information. \n + A pod can use both types of ephemeral + volumes and persistent volumes at + the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create + a stand-alone PVC to provision + the volume. The pod in which this + EphemeralVolumeSource is embedded + will be the owner of the PVC, + i.e. the PVC will be deleted together + with the pod. The name of the + PVC will be `-` where `` is + the name from the `PodSpec.Volumes` + array entry. Pod validation will + reject the pod if the concatenated + name is not valid for a PVC (for + example, too long). \n An existing + PVC with that name that is not + owned by the pod will *not* be + used for the pod to avoid using + an unrelated volume by mistake. + Starting the pod is then blocked + until the unrelated PVC is removed. + If such a pre-created PVC is meant + to be used by the pod, the PVC + has to updated with an owner reference + to the pod once the pod exists. + Normally this should not be necessary, + but it may be useful when manually + reconstructing a broken cluster. 
+ \n This field is read-only and + no changes will be made by Kubernetes + to the PVC after it has been created. + \n Required, must not be nil." + properties: + metadata: + description: May contain labels + and annotations that will + be copied into the PVC when + creating it. No other fields + are allowed and will be rejected + during validation. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations + is an unstructured key + value map stored with + a resource that may be + set by external tools + to store and retrieve + arbitrary metadata. They + are not queryable and + should be preserved when + modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName + is an optional prefix, + used by the server, to + generate a unique name + ONLY IF the Name field + has not been provided. + If this field is used, + the name returned to the + client will be different + than the name passed. + This value will also be + combined with a unique + suffix. The provided value + has the same validation + rules as the Name field, + and may be truncated by + the length of the suffix + required to make the value + unique on the server. + \n If this field is specified + and the generated name + exists, the server will + NOT return a 409 - instead, + it will either return + 201 Created or 500 with + Reason ServerTimeout indicating + a unique name could not + be found in the time allotted, + and the client should + retry (optionally after + the time indicated in + the Retry-After header). + \n Applied only if Name + is not specified. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + type: string + labels: + additionalProperties: + type: string + description: 'Map of string + keys and values that can + be used to organize and + categorize (scope and + select) objects. 
May match + selectors of replication + controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must + be unique within a namespace. + Is required when creating + resources, although some + resources may allow a + client to request the + generation of an appropriate + name automatically. Name + is primarily intended + for creation idempotence + and configuration definition. + Cannot be updated. More + info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: "Namespace + defines the space within + each name must be unique. + An empty namespace is + equivalent to the \"default\" + namespace, but \"default\" + is the canonical representation. + Not all objects are required + to be scoped to a namespace + - the value of this field + for those objects will + be empty. \n Must be a + DNS_LABEL. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces" + type: string + ownerReferences: + description: List of objects + depended by this object. + If ALL objects in the + list have been deleted, + this object will be garbage + collected. If this object + is managed by a controller, + then an entry in this + list will point to this + controller, with the controller + field set to true. There + cannot be more than one + managing controller. + items: + description: OwnerReference + contains enough information + to let you identify + an owning object. An + owning object must be + in the same namespace + as the dependent, or + be cluster-scoped, so + there is no namespace + field. + properties: + apiVersion: + description: API version + of the referent. + type: string + blockOwnerDeletion: + description: If true, + AND if the owner + has the "foregroundDeletion" + finalizer, then + the owner cannot + be deleted from + the key-value store + until this reference + is removed. 
See + https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage + collector interacts + with this field + and enforces the + foreground deletion. + Defaults to false. + To set this field, + a user needs "delete" + permission of the + owner, otherwise + 422 (Unprocessable + Entity) will be + returned. + type: boolean + controller: + description: If true, + this reference points + to the managing + controller. + type: boolean + kind: + description: 'Kind + of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + description: The specification + for the PersistentVolumeClaim. + The entire content is copied + unchanged into the PVC that + gets created from this template. + The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: 'accessModes + contains the desired access + modes the volume should + have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: 'dataSource + field can be used to specify + either: * An existing + VolumeSnapshot object + (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or + an external controller + can support the specified + data source, it will create + a new volume based on + the contents of the specified + data source. 
When the + AnyVolumeDataSource feature + gate is enabled, dataSource + contents will be copied + to dataSourceRef, and + dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup + is the group for the + resource being referenced. + If APIGroup is not + specified, the specified + Kind must be in the + core API group. For + any other third-party + types, APIGroup is + required. + type: string + kind: + description: Kind is + the type of resource + being referenced + type: string + name: + description: Name is + the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef + specifies the object from + which to populate the + volume with data, if a + non-empty volume is desired. + This may be any object + from a non-empty API group + (non core object) or a + PersistentVolumeClaim + object. When this field + is specified, volume binding + will only succeed if the + type of the specified + object matches some installed + volume populator or dynamic + provisioner. This field + will replace the functionality + of the dataSource field + and as such if both fields + are non-empty, they must + have the same value. For + backwards compatibility, + when namespace isn''t + specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will + be set to the same value + automatically if one of + them is empty and the + other is non-empty. When + namespace is specified + in dataSourceRef, dataSource + isn''t set to the same + value and must be empty. 
+ There are three important + differences between dataSource + and dataSourceRef: * While + dataSource only allows + two specific types of + objects, dataSourceRef + allows any non-core object, + as well as PersistentVolumeClaim + objects. * While dataSource + ignores disallowed values + (dropping them), dataSourceRef + preserves all values, + and generates an error + if a disallowed value + is specified. * While + dataSource only allows + local objects, dataSourceRef + allows objects in any + namespaces. (Beta) Using + this field requires the + AnyVolumeDataSource feature + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup + is the group for the + resource being referenced. + If APIGroup is not + specified, the specified + Kind must be in the + core API group. For + any other third-party + types, APIGroup is + required. + type: string + kind: + description: Kind is + the type of resource + being referenced + type: string + name: + description: Name is + the name of resource + being referenced + type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required + in the referent namespace + to allow that namespace's + owner to accept the + reference. See the + ReferenceGrant documentation + for details. (Alpha) + This field requires + the CrossNamespaceVolumeDataSource + feature gate to be + enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources + represents the minimum + resources the volume should + have. 
If RecoverVolumeExpansionFailure + feature is enabled users + are allowed to specify + resource requirements + that are lower than previous + value but must still be + higher than capacity recorded + in the status field of + the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits + describes the maximum + amount of compute + resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests + describes the minimum + amount of compute + resources required. + If Requests is omitted + for a container, it + defaults to Limits + if that is explicitly + specified, otherwise + to an implementation-defined + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is + a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. 
+ type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName + is the name of the StorageClass + required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the + VolumeAttributesClass + used by this claim. If + specified, the CSI driver + will create or update + the volume with the attributes + defined in the corresponding + VolumeAttributesClass. + This has a different purpose + than storageClassName, + it can be changed after + the claim is created. + An empty string value + means that no VolumeAttributesClass + will be applied to the + claim but it''s not allowed + to reset this field to + empty string once it is + set. If unspecified and + the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. 
+ If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by + the modifyVolumeStatus + field, until such as a + resource exists. More + info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string + volumeMode: + description: volumeMode + defines what type of volume + is required by the claim. + Value of Filesystem is + implied when not included + in claim spec. + type: string + volumeName: + description: volumeName + is the binding reference + to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel + resource that is attached to a kubelet's + host machine and then exposed to the + pod. + properties: + fsType: + description: 'fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. TODO: how do we + prevent errors in the filesystem + from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC + target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: + Defaults to false (read/write). + ReadOnly here will force the ReadOnly + setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: + FC target worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: 'wwids Optional: FC + volume world wide identifiers + (wwids) Either wwids or combination + of targetWWNs and lun must be + set, but not both simultaneously.' 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: flexVolume represents a + generic volume resource that is provisioned/attached + using an exec based plugin. + properties: + driver: + description: driver is the name + of the driver to use for this + volume. + type: string + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + The default filesystem depends + on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: + this field holds extra command + options if any.' + type: object + readOnly: + description: 'readOnly is Optional: + defaults to false (read/write). + ReadOnly here will force the ReadOnly + setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: + secretRef is reference to the + secret object containing sensitive + information to pass to the plugin + scripts. This may be empty if + no secret object is specified. + If the secret object contains + more than one secret, all secrets + are passed to the plugin scripts.' + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker + volume attached to a kubelet's host + machine. 
This depends on the Flocker + control service being running + properties: + datasetName: + description: datasetName is Name + of the dataset stored as metadata + -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the + UUID of the dataset. This is unique + identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents + a GCE Disk resource that is attached + to a kubelet''s host machine and then + exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem + type of the volume that you want + to mount. Tip: Ensure that the + filesystem type is supported by + the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors + in the filesystem from compromising + the machine' + type: string + partition: + description: 'partition is the partition + in the volume that you want to + mount. If omitted, the default + is to mount by volume name. Examples: + For volume /dev/sda1, you specify + the partition as "1". Similarly, + the volume partition for /dev/sda + is "0" (or you can leave the property + empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name + of the PD resource in GCE. Used + to identify the disk in GCE. More + info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will + force the ReadOnly setting in + VolumeMounts. Defaults to false. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + glusterfs: + description: 'glusterfs represents a + Glusterfs mount on the host that shares + a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint + name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs + volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will + force the Glusterfs volume to + be mounted with read-only permissions. + Defaults to false. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a + pre-existing file or directory on + the host machine that is directly + exposed to the container. This is + generally used for system agents or + other privileged things that are allowed + to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict + who can use host directory mounts + and who can/can not mount host directories + as read/write.' + properties: + path: + description: 'path of the directory + on the host. If the path is a + symlink, it will follow the link + to the real path. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath + Volume Defaults to "" More info: + https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI + Disk resource that is attached to + a kubelet''s host machine and then + exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines + whether support iSCSI Discovery + CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines + whether support iSCSI Session + CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem + type of the volume that you want + to mount. Tip: Ensure that the + filesystem type is supported by + the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors + in the filesystem from compromising + the machine' + type: string + initiatorName: + description: initiatorName is the + custom iSCSI Initiator Name. If + initiatorName is specified with + iscsiInterface simultaneously, + new iSCSI interface : will be created for the + connection. + type: string + iqn: + description: iqn is the target iSCSI + Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the + interface Name that uses an iSCSI + transport. Defaults to 'default' + (tcp). + type: string + lun: + description: lun represents iSCSI + Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI + Target Portal List. The portal + is either an IP or ip_addr:port + if the port is other than default + (typically TCP ports 860 and 3260). 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: readOnly here will + force the ReadOnly setting in + VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP + Secret for iSCSI target and initiator + authentication + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: targetPortal is iSCSI + Target Portal. The Portal is either + an IP or ip_addr:port if the port + is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + nfs: + description: 'nfs represents an NFS + mount on the host that shares a pod''s + lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported + by the NFS server. More info: + https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will + force the NFS export to be mounted + with read-only permissions. Defaults + to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname + or IP address of the NFS server. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource + represents a reference to a PersistentVolumeClaim + in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name + of a PersistentVolumeClaim in + the same namespace as the pod + using this volume. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force + the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents + a PhotonController persistent disk + attached and mounted on kubelets host + machine + properties: + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. + type: string + pdID: + description: pdID is the ID that + identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents + a portworx volume attached and mounted + on kubelets host machine + properties: + fsType: + description: fSType represents the + filesystem type to mount Must + be a filesystem type supported + by the host operating system. + Ex. "ext4", "xfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + readOnly: + description: readOnly defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. 
+ type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all + in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: defaultMode are the + mode bits used to set permissions + on created files by default. Must + be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. + Directories within the path are + not affected by this setting. + This might be in conflict with + other options that affect the + file mode, like fsGroup, and the + result can be other mode bits + set. + format: int32 + type: integer + sources: + description: sources is the list + of volume projections + items: + description: Projection that may + be projected along with other + supported volume types + properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization + of the PEM contents written + into the pod filesystem. + \ Esoteric PEM features + such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the + order over time." + properties: + labelSelector: + description: Select all + ClusterTrustBundles + that match this label + selector. Only has + effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector + that contains + values, a key, + and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents + a key's relationship + to a set of + values. Valid + operators + are In, NotIn, + Exists and + DoesNotExist. + type: string + values: + description: values + is an array + of string + values. If + the operator + is In or NotIn, + the values + array must + be non-empty. + If the operator + is Exists + or DoesNotExist, + the values + array must + be empty. + This array + is replaced + during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single + {key,value} in the + matchLabels map + is equivalent to + an element of matchExpressions, + whose key field + is "key", the operator + is "In", and the + values array contains + only "value". The + requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a + single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and + labelSelector. + type: string + optional: + description: If true, + don't block pod startup + if the referenced ClusterTrustBundle(s) + aren't available. If + using name, then the + named ClusterTrustBundle + is allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is + allowed to match zero + ClusterTrustBundles. 
+ type: boolean + path: + description: Relative + path from the volume + root to write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles + that match this signer + name. Mutually-exclusive + with name. The contents + of all selected ClusterTrustBundles + will be unified and + deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information + about the configMap data + to project + properties: + items: + description: items if + unspecified, each key-value + pair in the Data field + of the referenced ConfigMap + will be projected into + the volume as a file + whose name is the key + and content is the value. + If specified, the listed + keys will be projected + into the specified paths, + and unlisted keys will + not be present. If a + key is specified which + is not present in the + ConfigMap, the volume + setup will error unless + it is marked optional. + Paths must be relative + and may not contain + the '..' path or start + with '..'. + items: + description: Maps a + string key to a path + within a volume. + properties: + key: + description: key + is the key to + project. + type: string + mode: + description: 'mode + is Optional: mode + bits used to set + permissions on + this file. Must + be an octal value + between 0000 and + 0777 or a decimal + value between + 0 and 511. YAML + accepts both octal + and decimal values, + JSON requires + decimal values + for mode bits. + If not specified, + the volume defaultMode + will be used. + This might be + in conflict with + other options + that affect the + file mode, like + fsGroup, and the + result can be + other mode bits + set.' + format: int32 + type: integer + path: + description: path + is the relative + path of the file + to map the key + to. May not be + an absolute path. + May not contain + the path element + '..'. May not + start with the + string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: 'Name of + the referent. This field + is effectively required, + but due to backwards + compatibility is allowed + to be empty. Instances + of this type with an + empty value here are + almost certainly wrong. + TODO: Add other useful + fields. apiVersion, + kind, uid? More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: optional + specify whether the + ConfigMap or its keys + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data + to project + properties: + items: + description: Items is + a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile + represents information + to create the file + containing the pod + field + properties: + fieldRef: + description: 'Required: + Selects a field + of the pod: only + annotations, labels, + name, namespace + and uid are supported.' + properties: + apiVersion: + description: Version + of the schema + the FieldPath + is written + in terms of, + defaults to + "v1". + type: string + fieldPath: + description: Path + of the field + to select + in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: + mode bits used + to set permissions + on this file, + must be an octal + value between + 0000 and 0777 + or a decimal value + between 0 and + 511. YAML accepts + both octal and + decimal values, + JSON requires + decimal values + for mode bits. + If not specified, + the volume defaultMode + will be used. 
+ This might be + in conflict with + other options + that affect the + file mode, like + fsGroup, and the + result can be + other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: + Path is the relative + path name of the + file to be created. + Must not be absolute + or contain the + ''..'' path. Must + be utf-8 encoded. + The first item + of the relative + path must not + start with ''..''' + type: string + resourceFieldRef: + description: 'Selects + a resource of + the container: + only resources + limits and requests + (limits.cpu, limits.memory, + requests.cpu and + requests.memory) + are currently + supported.' + properties: + containerName: + description: 'Container + name: required + for volumes, + optional for + env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output + format of + the exposed + resources, + defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information + about the secret data to + project + properties: + items: + description: items if + unspecified, each key-value + pair in the Data field + of the referenced Secret + will be projected into + the volume as a file + whose name is the key + and content is the value. + If specified, the listed + keys will be projected + into the specified paths, + and unlisted keys will + not be present. If a + key is specified which + is not present in the + Secret, the volume setup + will error unless it + is marked optional. + Paths must be relative + and may not contain + the '..' path or start + with '..'. 
+ items: + description: Maps a + string key to a path + within a volume. + properties: + key: + description: key + is the key to + project. + type: string + mode: + description: 'mode + is Optional: mode + bits used to set + permissions on + this file. Must + be an octal value + between 0000 and + 0777 or a decimal + value between + 0 and 511. YAML + accepts both octal + and decimal values, + JSON requires + decimal values + for mode bits. + If not specified, + the volume defaultMode + will be used. + This might be + in conflict with + other options + that affect the + file mode, like + fsGroup, and the + result can be + other mode bits + set.' + format: int32 + type: integer + path: + description: path + is the relative + path of the file + to map the key + to. May not be + an absolute path. + May not contain + the path element + '..'. May not + start with the + string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: 'Name of + the referent. This field + is effectively required, + but due to backwards + compatibility is allowed + to be empty. Instances + of this type with an + empty value here are + almost certainly wrong. + TODO: Add other useful + fields. apiVersion, + kind, uid? More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: optional + field specify whether + the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken + is information about the + serviceAccountToken data + to project + properties: + audience: + description: audience + is the intended audience + of the token. 
A recipient + of a token must identify + itself with an identifier + specified in the audience + of the token, and otherwise + should reject the token. + The audience defaults + to the identifier of + the apiserver. + type: string + expirationSeconds: + description: expirationSeconds + is the requested duration + of validity of the service + account token. As the + token approaches expiration, + the kubelet volume plugin + will proactively rotate + the service account + token. The kubelet will + start trying to rotate + the token if the token + is older than 80 percent + of its time to live + or if the token is older + than 24 hours.Defaults + to 1 hour and must be + at least 10 minutes. + format: int64 + type: integer + path: + description: path is the + path relative to the + mount point of the file + to project the token + into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte + mount on the host that shares a pod's + lifetime + properties: + group: + description: group to map volume + access to Default is no group + type: string + readOnly: + description: readOnly here will + force the Quobyte volume to be + mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: registry represents + a single or multiple Quobyte Registry + services specified as a string + as host:port pair (multiple entries + are separated with commas) which + acts as the central registry for + volumes + type: string + tenant: + description: tenant owning the given + Quobyte volume in the Backend + Used with dynamically provisioned + Quobyte volumes, value is set + by the plugin + type: string + user: + description: user to map volume + access to Defaults to serivceaccount + user + type: string + volume: + description: volume is a string + that references an already created + Quobyte volume by name. 
+ type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados + Block Device mount on the host that + shares a pod''s lifetime. More info: + https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem + type of the volume that you want + to mount. Tip: Ensure that the + filesystem type is supported by + the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors + in the filesystem from compromising + the machine' + type: string + image: + description: 'image is the rados + image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path + to key ring for RBDUser. Default + is /etc/ceph/keyring. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection + of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + description: 'pool is the rados + pool name. Default is rbd. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will + force the ReadOnly setting in + VolumeMounts. Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name + of the authentication secret for + RBDUser. If provided overrides + keyring. Default is nil. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + default: "" + description: 'Name of the referent. 
+ This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is the rados + user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO + persistent volume attached and mounted + on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host + address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is + the name of the ScaleIO Protection + Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretRef: + description: secretRef references + to the secret for ScaleIO user + and other sensitive information. + If this is not provided, Login + operation will fail. + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, + default false + type: boolean + storageMode: + description: storageMode indicates + whether the storage for a volume + should be ThickProvisioned or + ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the + ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name + of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: volumeName is the name + of a volume already created in + the ScaleIO system that is associated + with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret + that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: + mode bits used to set permissions + on created files by default. Must + be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. + Defaults to 0644. Directories + within the path are not affected + by this setting. This might be + in conflict with other options + that affect the file mode, like + fsGroup, and the result can be + other mode bits set.' 
+ format: int32 + type: integer + items: + description: items If unspecified, + each key-value pair in the Data + field of the referenced Secret + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, + the listed keys will be projected + into the specified paths, and + unlisted keys will not be present. + If a key is specified which is + not present in the Secret, the + volume setup will error unless + it is marked optional. Paths must + be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an + octal value between 0000 + and 0777 or a decimal value + between 0 and 511. YAML + accepts both octal and decimal + values, JSON requires decimal + values for mode bits. If + not specified, the volume + defaultMode will be used. + This might be in conflict + with other options that + affect the file mode, like + fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map + the key to. May not be an + absolute path. May not contain + the path element '..'. May + not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify + whether the Secret or its keys + must be defined + type: boolean + secretName: + description: 'secretName is the + name of the secret in the pod''s + namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a + StorageOS volume attached and mounted + on Kubernetes nodes. 
+ properties: + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies + the secret to use for obtaining + the StorageOS API credentials. If + not specified, default values + will be attempted. + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: volumeName is the human-readable + name of the StorageOS volume. Volume + names are only unique within a + namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies + the scope of the volume within + StorageOS. If no namespace is + specified then the Pod's namespace + will be used. This allows the + Kubernetes name scoping to be + mirrored within StorageOS for + tighter integration. Set VolumeName + to any name to override the default + behaviour. Set to "default" if + you are not using namespaces within + StorageOS. Namespaces that do + not pre-exist within StorageOS + will be created. 
+ type: string + type: object + volumeClaimTemplate: + description: VolumeClaimTemplate specifies + a template for volume to use by the + backup/restore executor + properties: + metadata: + description: May contain labels + and annotations that will be copied + into the PVC when creating it. + No other fields are allowed and + will be rejected during validation. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is + an unstructured key value + map stored with a resource + that may be set by external + tools to store and retrieve + arbitrary metadata. They are + not queryable and should be + preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is + an optional prefix, used by + the server, to generate a + unique name ONLY IF the Name + field has not been provided. + If this field is used, the + name returned to the client + will be different than the + name passed. This value will + also be combined with a unique + suffix. The provided value + has the same validation rules + as the Name field, and may + be truncated by the length + of the suffix required to + make the value unique on the + server. \n If this field is + specified and the generated + name exists, the server will + NOT return a 409 - instead, + it will either return 201 + Created or 500 with Reason + ServerTimeout indicating a + unique name could not be found + in the time allotted, and + the client should retry (optionally + after the time indicated in + the Retry-After header). \n + Applied only if Name is not + specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + type: string + labels: + additionalProperties: + type: string + description: 'Map of string + keys and values that can be + used to organize and categorize + (scope and select) objects. 
+ May match selectors of replication + controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique + within a namespace. Is required + when creating resources, although + some resources may allow a + client to request the generation + of an appropriate name automatically. + Name is primarily intended + for creation idempotence and + configuration definition. + Cannot be updated. More info: + http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: "Namespace defines + the space within each name + must be unique. An empty namespace + is equivalent to the \"default\" + namespace, but \"default\" + is the canonical representation. + Not all objects are required + to be scoped to a namespace + - the value of this field + for those objects will be + empty. \n Must be a DNS_LABEL. + Cannot be updated. More info: + http://kubernetes.io/docs/user-guide/namespaces" + type: string + ownerReferences: + description: List of objects + depended by this object. If + ALL objects in the list have + been deleted, this object + will be garbage collected. + If this object is managed + by a controller, then an entry + in this list will point to + this controller, with the + controller field set to true. + There cannot be more than + one managing controller. + items: + description: OwnerReference + contains enough information + to let you identify an owning + object. An owning object + must be in the same namespace + as the dependent, or be + cluster-scoped, so there + is no namespace field. + properties: + apiVersion: + description: API version + of the referent. + type: string + blockOwnerDeletion: + description: If true, + AND if the owner has + the "foregroundDeletion" + finalizer, then the + owner cannot be deleted + from the key-value store + until this reference + is removed. 
See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage + collector interacts + with this field and + enforces the foreground + deletion. Defaults to + false. To set this field, + a user needs "delete" + permission of the owner, + otherwise 422 (Unprocessable + Entity) will be returned. + type: boolean + controller: + description: If true, + this reference points + to the managing controller. + type: boolean + kind: + description: 'Kind of + the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the + referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + description: The specification for + the PersistentVolumeClaim. The + entire content is copied unchanged + into the PVC that gets created + from this template. The same fields + as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: 'accessModes contains + the desired access modes the + volume should have. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: 'dataSource field + can be used to specify either: + * An existing VolumeSnapshot + object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external + controller can support the + specified data source, it + will create a new volume based + on the contents of the specified + data source. 
When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to + dataSourceRef, and dataSourceRef + contents will be copied to + dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef + specifies the object from + which to populate the volume + with data, if a non-empty + volume is desired. This may + be any object from a non-empty + API group (non core object) + or a PersistentVolumeClaim + object. When this field is + specified, volume binding + will only succeed if the type + of the specified object matches + some installed volume populator + or dynamic provisioner. This + field will replace the functionality + of the dataSource field and + as such if both fields are + non-empty, they must have + the same value. For backwards + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource and + dataSourceRef) will be set + to the same value automatically + if one of them is empty and + the other is non-empty. When + namespace is specified in + dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows + two specific types of objects, + dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim + objects. 
* While dataSource + ignores disallowed values + (dropping them), dataSourceRef + preserves all values, and + generates an error if a disallowed + value is specified. * While + dataSource only allows local + objects, dataSourceRef allows + objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note + that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the reference. + See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents + the minimum resources the + volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are + allowed to specify resource + requirements that are lower + than previous value but must + still be higher than capacity + recorded in the status field + of the claim. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes + the maximum amount of + compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes + the minimum amount of + compute resources required. + If Requests is omitted + for a container, it defaults + to Limits if that is explicitly + specified, otherwise to + an implementation-defined + value. Requests cannot + exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label + query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. 
+ If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName + is the name of the StorageClass + required by the claim. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the claim + is created. An empty string + value means that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string + once it is set. If unspecified + and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does + not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. 
More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field requires + the VolumeAttributesClass + feature gate to be enabled.' + type: string + volumeMode: + description: volumeMode defines + what type of volume is required + by the claim. Value of Filesystem + is implied when not included + in claim spec. + type: string + volumeName: + description: volumeName is the + binding reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + vsphereVolume: + description: vsphereVolume represents + a vSphere volume attached and mounted + on kubelets host machine + properties: + fsType: + description: fsType is filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is + the storage Policy Based Management + (SPBM) profile ID associated with + the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is + the storage Policy Based Management + (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path + that identifies vSphere volume + vmdk + type: string + required: + - volumePath + type: object + type: object + type: object + type: array + name: + description: Name indicates to the name of the + task + type: string + params: + description: Params specifies parameters for the + task. You must provide the parameter in the + Addon desired structure. + type: object + x-kubernetes-preserve-unknown-fields: true + targetVolumes: + description: TargetVolumes specifies which volumes + from the target should be mounted in the backup/restore + job/container. 
+ properties: + volumeClaimTemplates: + description: VolumeClaimTemplates specifies + a template for the PersistentVolumeClaims + that will be created for each Pod in a StatefulSet. + items: + description: PersistentVolumeClaim is a + user's request for and claim to a persistent + volume + properties: + apiVersion: + description: 'APIVersion defines the + versioned schema of this representation + of an object. Servers should convert + recognized schemas to the latest internal + value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value + representing the REST resource this + object represents. Servers may infer + this from the endpoint the client + submits requests to. Cannot be updated. + In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an + unstructured key value map stored + with a resource that may be set + by external tools to store and + retrieve arbitrary metadata. They + are not queryable and should be + preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is an + optional prefix, used by the server, + to generate a unique name ONLY + IF the Name field has not been + provided. If this field is used, + the name returned to the client + will be different than the name + passed. This value will also be + combined with a unique suffix. 
+ The provided value has the same + validation rules as the Name field, + and may be truncated by the length + of the suffix required to make + the value unique on the server. + \n If this field is specified + and the generated name exists, + the server will NOT return a 409 + - instead, it will either return + 201 Created or 500 with Reason + ServerTimeout indicating a unique + name could not be found in the + time allotted, and the client + should retry (optionally after + the time indicated in the Retry-After + header). \n Applied only if Name + is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + type: string + labels: + additionalProperties: + type: string + description: 'Map of string keys + and values that can be used to + organize and categorize (scope + and select) objects. May match + selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique + within a namespace. Is required + when creating resources, although + some resources may allow a client + to request the generation of an + appropriate name automatically. + Name is primarily intended for + creation idempotence and configuration + definition. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: "Namespace defines + the space within each name must + be unique. An empty namespace + is equivalent to the \"default\" + namespace, but \"default\" is + the canonical representation. + Not all objects are required to + be scoped to a namespace - the + value of this field for those + objects will be empty. \n Must + be a DNS_LABEL. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces" + type: string + ownerReferences: + description: List of objects depended + by this object. 
If ALL objects + in the list have been deleted, + this object will be garbage collected. + If this object is managed by a + controller, then an entry in this + list will point to this controller, + with the controller field set + to true. There cannot be more + than one managing controller. + items: + description: OwnerReference contains + enough information to let you + identify an owning object. An + owning object must be in the + same namespace as the dependent, + or be cluster-scoped, so there + is no namespace field. + properties: + apiVersion: + description: API version of + the referent. + type: string + blockOwnerDeletion: + description: If true, AND + if the owner has the "foregroundDeletion" + finalizer, then the owner + cannot be deleted from the + key-value store until this + reference is removed. See + https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector + interacts with this field + and enforces the foreground + deletion. Defaults to false. + To set this field, a user + needs "delete" permission + of the owner, otherwise + 422 (Unprocessable Entity) + will be returned. + type: boolean + controller: + description: If true, this + reference points to the + managing controller. + type: boolean + kind: + description: 'Kind of the + referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + description: 'Spec defines the desired + characteristics of a volume requested + by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains + the desired access modes the volume + should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: 'dataSource field can + be used to specify either: * An + existing VolumeSnapshot object + (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external + controller can support the specified + data source, it will create a + new volume based on the contents + of the specified data source. + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the + group for the resource being + referenced. If APIGroup is + not specified, the specified + Kind must be in the core API + group. For any other third-party + types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies + the object from which to populate + the volume with data, if a non-empty + volume is desired. This may be + any object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, + volume binding will only succeed + if the type of the specified object + matches some installed volume + populator or dynamic provisioner. + This field will replace the functionality + of the dataSource field and as + such if both fields are non-empty, + they must have the same value. + For backwards compatibility, when + namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set + to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to the same + value and must be empty. There + are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows + two specific types of objects, + dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim + objects. * While dataSource ignores + disallowed values (dropping them), + dataSourceRef preserves all values, + and generates an error if a disallowed + value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' 
+ properties: + apiGroup: + description: APIGroup is the + group for the resource being + referenced. If APIGroup is + not specified, the specified + Kind must be in the core API + group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when + a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents + the minimum resources the volume + should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed + to specify resource requirements + that are lower than previous value + but must still be higher than + capacity recorded in the status + field of the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes + the maximum amount of compute + resources allowed. 
More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes + the minimum amount of compute + resources required. If Requests + is omitted for a container, + it defaults to Limits if that + is explicitly specified, otherwise + to an implementation-defined + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label + query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is + the name of the StorageClass required + by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An + empty string value means that + no VolumeAttributesClass will + be applied to the claim but it''s + not allowed to reset this field + to empty string once it is set. + If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string + volumeMode: + description: volumeMode defines + what type of volume is required + by the claim. Value of Filesystem + is implied when not included in + claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. 
+ type: string + type: object + status: + description: 'Status represents the + current information/status of a persistent + volume claim. Read-only. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains + the actual access modes the volume + backing the PVC has. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + x-kubernetes-list-type: atomic + allocatedResourceStatuses: + additionalProperties: + description: When a controller + receives persistentvolume claim + update with ClaimResourceStatus + for a resource that it does + not recognizes, then it should + ignore that update and let other + controllers handle it. + type: string + description: "allocatedResourceStatuses + stores status of resource being + resized for the given PVC. Key + names follow standard Kubernetes + label syntax. Valid values are + either: * Un-prefixed keys: - + storage - the capacity of the + volume. * Custom resources must + use implementation-defined prefixed + names such as \"example.com/my-custom-resource\" + Apart from above values - keys + that are unprefixed or have kubernetes.io + prefix are considered reserved + and hence may not be used. \n + ClaimResourceStatus can be in + any of following states: - ControllerResizeInProgress: + State set when resize controller + starts resizing the volume in + control-plane. - ControllerResizeFailed: + State set when resize has failed + in resize controller with a terminal + error. - NodeResizePending: State + set when resize controller has + finished resizing the volume but + further resizing of volume is + needed on the node. - NodeResizeInProgress: + State set when kubelet starts + resizing the volume. - NodeResizeFailed: + State set when resizing has failed + in kubelet with a terminal error. + Transient errors don't set NodeResizeFailed. 
+ For example: if expanding a PVC + for more capacity - this field + can be one of the following states: + - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" + - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - + pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this + field is not set, it means that + no resize operation is in progress + for the given PVC. \n A controller + that receives PVC update with + previously unknown resourceName + or ClaimResourceStatus should + ignore the update for the purpose + it was designed. For example - + a controller that only is responsible + for resizing capacity of the volume, + should ignore PVC updates that + change other valid resources associated + with PVC. \n This is an alpha + field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources + tracks the resources allocated + to a PVC including its capacity. + Key names follow standard Kubernetes + label syntax. Valid values are + either: * Un-prefixed keys: - + storage - the capacity of the + volume. * Custom resources must + use implementation-defined prefixed + names such as \"example.com/my-custom-resource\" + Apart from above values - keys + that are unprefixed or have kubernetes.io + prefix are considered reserved + and hence may not be used. \n + Capacity reported here may be + larger than the actual capacity + when a volume expansion operation + is requested. 
For storage quota, + the larger value from allocatedResources + and PVC.spec.resources is used. + If allocatedResources is not set, + PVC.spec.resources alone is used + for quota calculation. If a volume + expansion capacity request is + lowered, allocatedResources is + only lowered if there are no expansion + operations in progress and if + the actual volume capacity is + equal or lower than the requested + capacity. \n A controller that + receives PVC update with previously + unknown resourceName should ignore + the update for the purpose it + was designed. For example - a + controller that only is responsible + for resizing capacity of the volume, + should ignore PVC updates that + change other valid resources associated + with PVC. \n This is an alpha + field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents + the actual resources of the underlying + volume. + type: object + conditions: + description: conditions is the current + Condition of persistent volume + claim. If underlying persistent + volume is being resized then the + Condition will be set to 'Resizing'. + items: + description: PersistentVolumeClaimCondition + contains details about state + of pvc + properties: + lastProbeTime: + description: lastProbeTime + is the time we probed the + condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime + is the time the condition + transitioned from one status + to another. + format: date-time + type: string + message: + description: message is the + human-readable message indicating + details about last transition. 
+ type: string + reason: + description: reason is a unique, + this should be a short, + machine understandable string + that gives the reason for + condition's last transition. + If it reports "Resizing" + that means the underlying + persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentVolumeAttributesClassName: + description: currentVolumeAttributesClassName + is the current name of the VolumeAttributesClass + the PVC is using. When unset, + there is no VolumeAttributeClass + applied to this PersistentVolumeClaim + This is an alpha field and requires + enabling VolumeAttributesClass + feature. + type: string + modifyVolumeStatus: + description: ModifyVolumeStatus + represents the status object of + ControllerModifyVolume operation. + When this is unset, there is no + ModifyVolume operation being attempted. + This is an alpha field and requires + enabling VolumeAttributesClass + feature. + properties: + status: + description: 'status is the + status of the ControllerModifyVolume + operation. It can be in any + of following states: - Pending + Pending indicates that the + PersistentVolumeClaim cannot + be modified due to unmet requirements, + such as the specified VolumeAttributesClass + not existing. - InProgress + InProgress indicates that + the volume is being modified. + - Infeasible Infeasible indicates + that the request has been + rejected as invalid by the + CSI driver. To resolve the + error, a valid VolumeAttributesClass + needs to be specified. Note: + New statuses can be added + in the future. Consumers should + check for unknown statuses + and fail appropriately.' 
+ type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName + is the name of the VolumeAttributesClass + the PVC currently being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the + current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: array + volumeMounts: + description: VolumeMounts specifies the mount + for the volumes specified in `Volumes` section + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: Path within the container + at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines + how mounts are propagated from the + host to container and the other way + around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible + or to Enabled, MountPropagation must + be None or unspecified (which defaults + to None). + type: string + name: + description: This must match the Name + of a Volume. + type: string + readOnly: + description: Mounted read-only if true, + read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: "RecursiveReadOnly specifies + whether read-only mounts should be + handled recursively. \n If ReadOnly + is false, this field has no meaning + and must be unspecified. \n If ReadOnly + is true, and this field is set to + Disabled, the mount is not made recursively + read-only. If this field is set to + IfPossible, the mount is made recursively + read-only, if it is supported by the + container runtime. If this field + is set to Enabled, the mount is made + recursively read-only if it is supported + by the container runtime, otherwise + the pod will not be started and an + error will be generated to indicate + the reason. 
\n If this field is set + to IfPossible or Enabled, MountPropagation + must be set to None (or be unspecified, + which defaults to None). \n If this + field is not specified, it is treated + as an equivalent of Disabled." + type: string + subPath: + description: Path within the volume + from which the container's volume + should be mounted. Defaults to "" + (volume's root). + type: string + subPathExpr: + description: Expanded path within the + volume from which the container's + volume should be mounted. Behaves + similarly to SubPath but environment + variable references $(VAR_NAME) are + expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr + and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes indicates the list of + volumes of targeted application that should + be mounted on the backup/restore job. + items: + description: Volume represents a named volume + in a pod that may be accessed by any container + in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents + an AWS Disk resource that is attached + to a kubelet''s host machine and then + exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem + type of the volume that you want + to mount. Tip: Ensure that the + filesystem type is supported by + the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors + in the filesystem from compromising + the machine' + type: string + partition: + description: 'partition is the partition + in the volume that you want to + mount. If omitted, the default + is to mount by volume name. 
Examples: + For volume /dev/sda1, you specify + the partition as "1". Similarly, + the volume partition for /dev/sda + is "0" (or you can leave the property + empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true + will force the readOnly setting + in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique + ID of the persistent disk resource + in AWS (Amazon EBS volume). More + info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an + Azure Data Disk mount on the host + and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the + Host Caching mode: None, Read + Only, Read Write.' + type: string + diskName: + description: diskName is the Name + of the data disk in the blob storage + type: string + diskURI: + description: diskURI is the URI + of data disk in the blob storage + type: string + fsType: + description: fsType is Filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. + type: string + kind: + description: 'kind expected values + are Shared: multiple blob disks + per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only + in managed availability set). + defaults to shared' + type: string + readOnly: + description: readOnly Defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an + Azure File Service mount on the host + and bind mount to the pod. 
+ properties: + readOnly: + description: readOnly defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretName: + description: secretName is the name + of secret that contains Azure + Storage Account Name and Key + type: string + shareName: + description: shareName is the azure + share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph + FS mount on the host that shares a + pod's lifetime + properties: + monitors: + description: 'monitors is Required: + Monitors is a collection of Ceph + monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: + Used as the mounted root, rather + than the full Ceph tree, default + is /' + type: string + readOnly: + description: 'readOnly is Optional: + Defaults to false (read/write). + ReadOnly here will force the ReadOnly + setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: + SecretFile is the path to key + ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: + SecretRef is reference to the + authentication secret for User, + default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: + User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder + volume attached and mounted on kubelets + host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to + be "ext4" if unspecified. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults + to false (read/write). ReadOnly + here will force the ReadOnly setting + in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: + points to a secret object containing + parameters used to connect to + OpenStack.' + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify + the volume in cinder. More info: + https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a + configMap that should populate this + volume + properties: + defaultMode: + description: 'defaultMode is optional: + mode bits used to set permissions + on created files by default. Must + be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. + Defaults to 0644. Directories + within the path are not affected + by this setting. This might be + in conflict with other options + that affect the file mode, like + fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, + each key-value pair in the Data + field of the referenced ConfigMap + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, + the listed keys will be projected + into the specified paths, and + unlisted keys will not be present. + If a key is specified which is + not present in the ConfigMap, + the volume setup will error unless + it is marked optional. Paths must + be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an + octal value between 0000 + and 0777 or a decimal value + between 0 and 511. YAML + accepts both octal and decimal + values, JSON requires decimal + values for mode bits. If + not specified, the volume + defaultMode will be used. 
+ This might be in conflict + with other options that + affect the file mode, like + fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map + the key to. May not be an + absolute path. May not contain + the path element '..'. May + not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t need + it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage + Interface) represents ephemeral storage + that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: driver is the name + of the CSI driver that handles + this volume. Consult with your + admin for the correct name as + registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. + "ext4", "xfs", "ntfs". If not + provided, the empty value is passed + to the associated CSI driver which + will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef + is a reference to the secret object + containing sensitive information + to pass to the CSI driver to complete + the CSI NodePublishVolume and + NodeUnpublishVolume calls. 
This + field is optional, and may be + empty if no secret is required. + If the secret object contains + more than one secret, all secret + references are passed. + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: readOnly specifies + a read-only configuration for + the volume. Defaults to false + (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores + driver-specific properties that + are passed to the CSI driver. + Consult your driver's documentation + for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents + downward API about the pod that should + populate this volume + properties: + defaultMode: + description: 'Optional: mode bits + to use on created files by default. + Must be a Optional: mode bits + used to set permissions on created + files by default. Must be an octal + value between 0000 and 0777 or + a decimal value between 0 and + 511. YAML accepts both octal and + decimal values, JSON requires + decimal values for mode bits. + Defaults to 0644. Directories + within the path are not affected + by this setting. This might be + in conflict with other options + that affect the file mode, like + fsGroup, and the result can be + other mode bits set.' 
+ format: int32 + type: integer + items: + description: Items is a list of + downward API volume file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod + field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only + annotations, labels, name, + namespace and uid are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode + bits used to set permissions + on this file, must be an + octal value between 0000 + and 0777 or a decimal value + between 0 and 511. YAML + accepts both octal and decimal + values, JSON requires decimal + values for mode bits. If + not specified, the volume + defaultMode will be used. + This might be in conflict + with other options that + affect the file mode, like + fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or + contain the ''..'' path. + Must be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource + of the container: only resources + limits and requests (limits.cpu, + limits.memory, requests.cpu + and requests.memory) are + currently supported.' 
+ properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format of + the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: 'emptyDir represents a + temporary directory that shares a + pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents + what type of storage medium should + back this directory. The default + is "" which means to use the node''s + default medium. Must be an empty + string (default) or Memory. More + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total + amount of local storage required + for this EmptyDir volume. The + size limit is also applicable + for memory medium. The maximum + usage on memory medium EmptyDir + would be the minimum value between + the SizeLimit specified here and + the sum of memory limits of all + containers in a pod. The default + is nil which means that the limit + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a + volume that is handled by a cluster + storage driver. 
The volume's lifecycle + is tied to the pod that defines it + - it will be created before the pod + starts, and deleted when the pod is + removed. \n Use this if: a) the volume + is only needed while the pod runs, + b) features of normal volumes like + restoring from snapshot or capacity + tracking are needed, c) the storage + driver is specified through a storage + class, and d) the storage driver supports + dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection + between this volume type and PersistentVolumeClaim). + \n Use PersistentVolumeClaim or one + of the vendor-specific APIs for volumes + that persist for longer than the lifecycle + of an individual pod. \n Use CSI for + light-weight local ephemeral volumes + if the CSI driver is meant to be used + that way - see the documentation of + the driver for more information. \n + A pod can use both types of ephemeral + volumes and persistent volumes at + the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create + a stand-alone PVC to provision + the volume. The pod in which this + EphemeralVolumeSource is embedded + will be the owner of the PVC, + i.e. the PVC will be deleted together + with the pod. The name of the + PVC will be `-` where `` is + the name from the `PodSpec.Volumes` + array entry. Pod validation will + reject the pod if the concatenated + name is not valid for a PVC (for + example, too long). \n An existing + PVC with that name that is not + owned by the pod will *not* be + used for the pod to avoid using + an unrelated volume by mistake. + Starting the pod is then blocked + until the unrelated PVC is removed. + If such a pre-created PVC is meant + to be used by the pod, the PVC + has to updated with an owner reference + to the pod once the pod exists. + Normally this should not be necessary, + but it may be useful when manually + reconstructing a broken cluster. 
+ \n This field is read-only and + no changes will be made by Kubernetes + to the PVC after it has been created. + \n Required, must not be nil." + properties: + metadata: + description: May contain labels + and annotations that will + be copied into the PVC when + creating it. No other fields + are allowed and will be rejected + during validation. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations + is an unstructured key + value map stored with + a resource that may be + set by external tools + to store and retrieve + arbitrary metadata. They + are not queryable and + should be preserved when + modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName + is an optional prefix, + used by the server, to + generate a unique name + ONLY IF the Name field + has not been provided. + If this field is used, + the name returned to the + client will be different + than the name passed. + This value will also be + combined with a unique + suffix. The provided value + has the same validation + rules as the Name field, + and may be truncated by + the length of the suffix + required to make the value + unique on the server. + \n If this field is specified + and the generated name + exists, the server will + NOT return a 409 - instead, + it will either return + 201 Created or 500 with + Reason ServerTimeout indicating + a unique name could not + be found in the time allotted, + and the client should + retry (optionally after + the time indicated in + the Retry-After header). + \n Applied only if Name + is not specified. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + type: string + labels: + additionalProperties: + type: string + description: 'Map of string + keys and values that can + be used to organize and + categorize (scope and + select) objects. 
May match + selectors of replication + controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must + be unique within a namespace. + Is required when creating + resources, although some + resources may allow a + client to request the + generation of an appropriate + name automatically. Name + is primarily intended + for creation idempotence + and configuration definition. + Cannot be updated. More + info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: "Namespace + defines the space within + each name must be unique. + An empty namespace is + equivalent to the \"default\" + namespace, but \"default\" + is the canonical representation. + Not all objects are required + to be scoped to a namespace + - the value of this field + for those objects will + be empty. \n Must be a + DNS_LABEL. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces" + type: string + ownerReferences: + description: List of objects + depended by this object. + If ALL objects in the + list have been deleted, + this object will be garbage + collected. If this object + is managed by a controller, + then an entry in this + list will point to this + controller, with the controller + field set to true. There + cannot be more than one + managing controller. + items: + description: OwnerReference + contains enough information + to let you identify + an owning object. An + owning object must be + in the same namespace + as the dependent, or + be cluster-scoped, so + there is no namespace + field. + properties: + apiVersion: + description: API version + of the referent. + type: string + blockOwnerDeletion: + description: If true, + AND if the owner + has the "foregroundDeletion" + finalizer, then + the owner cannot + be deleted from + the key-value store + until this reference + is removed. 
See + https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage + collector interacts + with this field + and enforces the + foreground deletion. + Defaults to false. + To set this field, + a user needs "delete" + permission of the + owner, otherwise + 422 (Unprocessable + Entity) will be + returned. + type: boolean + controller: + description: If true, + this reference points + to the managing + controller. + type: boolean + kind: + description: 'Kind + of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + description: The specification + for the PersistentVolumeClaim. + The entire content is copied + unchanged into the PVC that + gets created from this template. + The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: 'accessModes + contains the desired access + modes the volume should + have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: 'dataSource + field can be used to specify + either: * An existing + VolumeSnapshot object + (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or + an external controller + can support the specified + data source, it will create + a new volume based on + the contents of the specified + data source. 
When the + AnyVolumeDataSource feature + gate is enabled, dataSource + contents will be copied + to dataSourceRef, and + dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup + is the group for the + resource being referenced. + If APIGroup is not + specified, the specified + Kind must be in the + core API group. For + any other third-party + types, APIGroup is + required. + type: string + kind: + description: Kind is + the type of resource + being referenced + type: string + name: + description: Name is + the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef + specifies the object from + which to populate the + volume with data, if a + non-empty volume is desired. + This may be any object + from a non-empty API group + (non core object) or a + PersistentVolumeClaim + object. When this field + is specified, volume binding + will only succeed if the + type of the specified + object matches some installed + volume populator or dynamic + provisioner. This field + will replace the functionality + of the dataSource field + and as such if both fields + are non-empty, they must + have the same value. For + backwards compatibility, + when namespace isn''t + specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will + be set to the same value + automatically if one of + them is empty and the + other is non-empty. When + namespace is specified + in dataSourceRef, dataSource + isn''t set to the same + value and must be empty. 
+ There are three important + differences between dataSource + and dataSourceRef: * While + dataSource only allows + two specific types of + objects, dataSourceRef + allows any non-core object, + as well as PersistentVolumeClaim + objects. * While dataSource + ignores disallowed values + (dropping them), dataSourceRef + preserves all values, + and generates an error + if a disallowed value + is specified. * While + dataSource only allows + local objects, dataSourceRef + allows objects in any + namespaces. (Beta) Using + this field requires the + AnyVolumeDataSource feature + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup + is the group for the + resource being referenced. + If APIGroup is not + specified, the specified + Kind must be in the + core API group. For + any other third-party + types, APIGroup is + required. + type: string + kind: + description: Kind is + the type of resource + being referenced + type: string + name: + description: Name is + the name of resource + being referenced + type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required + in the referent namespace + to allow that namespace's + owner to accept the + reference. See the + ReferenceGrant documentation + for details. (Alpha) + This field requires + the CrossNamespaceVolumeDataSource + feature gate to be + enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources + represents the minimum + resources the volume should + have. 
If RecoverVolumeExpansionFailure + feature is enabled users + are allowed to specify + resource requirements + that are lower than previous + value but must still be + higher than capacity recorded + in the status field of + the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits + describes the maximum + amount of compute + resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests + describes the minimum + amount of compute + resources required. + If Requests is omitted + for a container, it + defaults to Limits + if that is explicitly + specified, otherwise + to an implementation-defined + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is + a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. 
+ type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName + is the name of the StorageClass + required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the + VolumeAttributesClass + used by this claim. If + specified, the CSI driver + will create or update + the volume with the attributes + defined in the corresponding + VolumeAttributesClass. + This has a different purpose + than storageClassName, + it can be changed after + the claim is created. + An empty string value + means that no VolumeAttributesClass + will be applied to the + claim but it''s not allowed + to reset this field to + empty string once it is + set. If unspecified and + the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. 
+ If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by + the modifyVolumeStatus + field, until such as a + resource exists. More + info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string + volumeMode: + description: volumeMode + defines what type of volume + is required by the claim. + Value of Filesystem is + implied when not included + in claim spec. + type: string + volumeName: + description: volumeName + is the binding reference + to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel + resource that is attached to a kubelet's + host machine and then exposed to the + pod. + properties: + fsType: + description: 'fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. TODO: how do we + prevent errors in the filesystem + from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC + target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: + Defaults to false (read/write). + ReadOnly here will force the ReadOnly + setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: + FC target worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: 'wwids Optional: FC + volume world wide identifiers + (wwids) Either wwids or combination + of targetWWNs and lun must be + set, but not both simultaneously.' 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: flexVolume represents a + generic volume resource that is provisioned/attached + using an exec based plugin. + properties: + driver: + description: driver is the name + of the driver to use for this + volume. + type: string + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + The default filesystem depends + on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: + this field holds extra command + options if any.' + type: object + readOnly: + description: 'readOnly is Optional: + defaults to false (read/write). + ReadOnly here will force the ReadOnly + setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: + secretRef is reference to the + secret object containing sensitive + information to pass to the plugin + scripts. This may be empty if + no secret object is specified. + If the secret object contains + more than one secret, all secrets + are passed to the plugin scripts.' + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker + volume attached to a kubelet's host + machine. 
This depends on the Flocker + control service being running + properties: + datasetName: + description: datasetName is Name + of the dataset stored as metadata + -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the + UUID of the dataset. This is unique + identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents + a GCE Disk resource that is attached + to a kubelet''s host machine and then + exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem + type of the volume that you want + to mount. Tip: Ensure that the + filesystem type is supported by + the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors + in the filesystem from compromising + the machine' + type: string + partition: + description: 'partition is the partition + in the volume that you want to + mount. If omitted, the default + is to mount by volume name. Examples: + For volume /dev/sda1, you specify + the partition as "1". Similarly, + the volume partition for /dev/sda + is "0" (or you can leave the property + empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name + of the PD resource in GCE. Used + to identify the disk in GCE. More + info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will + force the ReadOnly setting in + VolumeMounts. Defaults to false. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + glusterfs: + description: 'glusterfs represents a + Glusterfs mount on the host that shares + a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint + name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs + volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will + force the Glusterfs volume to + be mounted with read-only permissions. + Defaults to false. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a + pre-existing file or directory on + the host machine that is directly + exposed to the container. This is + generally used for system agents or + other privileged things that are allowed + to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict + who can use host directory mounts + and who can/can not mount host directories + as read/write.' + properties: + path: + description: 'path of the directory + on the host. If the path is a + symlink, it will follow the link + to the real path. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath + Volume Defaults to "" More info: + https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI + Disk resource that is attached to + a kubelet''s host machine and then + exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines + whether support iSCSI Discovery + CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines + whether support iSCSI Session + CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem + type of the volume that you want + to mount. Tip: Ensure that the + filesystem type is supported by + the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors + in the filesystem from compromising + the machine' + type: string + initiatorName: + description: initiatorName is the + custom iSCSI Initiator Name. If + initiatorName is specified with + iscsiInterface simultaneously, + new iSCSI interface : will be created for the + connection. + type: string + iqn: + description: iqn is the target iSCSI + Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the + interface Name that uses an iSCSI + transport. Defaults to 'default' + (tcp). + type: string + lun: + description: lun represents iSCSI + Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI + Target Portal List. The portal + is either an IP or ip_addr:port + if the port is other than default + (typically TCP ports 860 and 3260). 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: readOnly here will + force the ReadOnly setting in + VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP + Secret for iSCSI target and initiator + authentication + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: targetPortal is iSCSI + Target Portal. The Portal is either + an IP or ip_addr:port if the port + is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must + be a DNS_LABEL and unique within the + pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS + mount on the host that shares a pod''s + lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported + by the NFS server. More info: + https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will + force the NFS export to be mounted + with read-only permissions. Defaults + to false. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname + or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource + represents a reference to a PersistentVolumeClaim + in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name + of a PersistentVolumeClaim in + the same namespace as the pod + using this volume. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force + the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents + a PhotonController persistent disk + attached and mounted on kubelets host + machine + properties: + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. + type: string + pdID: + description: pdID is the ID that + identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents + a portworx volume attached and mounted + on kubelets host machine + properties: + fsType: + description: fSType represents the + filesystem type to mount Must + be a filesystem type supported + by the host operating system. + Ex. "ext4", "xfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + readOnly: + description: readOnly defaults to + false (read/write). 
ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all + in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: defaultMode are the + mode bits used to set permissions + on created files by default. Must + be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. + Directories within the path are + not affected by this setting. + This might be in conflict with + other options that affect the + file mode, like fsGroup, and the + result can be other mode bits + set. + format: int32 + type: integer + sources: + description: sources is the list + of volume projections + items: + description: Projection that may + be projected along with other + supported volume types + properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization + of the PEM contents written + into the pod filesystem. + \ Esoteric PEM features + such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the + order over time." + properties: + labelSelector: + description: Select all + ClusterTrustBundles + that match this label + selector. Only has + effect if signerName + is set. Mutually-exclusive + with name. 
If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector + that contains + values, a key, + and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents + a key's relationship + to a set of + values. Valid + operators + are In, NotIn, + Exists and + DoesNotExist. + type: string + values: + description: values + is an array + of string + values. If + the operator + is In or NotIn, + the values + array must + be non-empty. + If the operator + is Exists + or DoesNotExist, + the values + array must + be empty. + This array + is replaced + during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single + {key,value} in the + matchLabels map + is equivalent to + an element of matchExpressions, + whose key field + is "key", the operator + is "In", and the + values array contains + only "value". The + requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a + single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and + labelSelector. + type: string + optional: + description: If true, + don't block pod startup + if the referenced ClusterTrustBundle(s) + aren't available. If + using name, then the + named ClusterTrustBundle + is allowed not to exist. 
If + using signerName, then + the combination of signerName + and labelSelector is + allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative + path from the volume + root to write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles + that match this signer + name. Mutually-exclusive + with name. The contents + of all selected ClusterTrustBundles + will be unified and + deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information + about the configMap data + to project + properties: + items: + description: items if + unspecified, each key-value + pair in the Data field + of the referenced ConfigMap + will be projected into + the volume as a file + whose name is the key + and content is the value. + If specified, the listed + keys will be projected + into the specified paths, + and unlisted keys will + not be present. If a + key is specified which + is not present in the + ConfigMap, the volume + setup will error unless + it is marked optional. + Paths must be relative + and may not contain + the '..' path or start + with '..'. + items: + description: Maps a + string key to a path + within a volume. + properties: + key: + description: key + is the key to + project. + type: string + mode: + description: 'mode + is Optional: mode + bits used to set + permissions on + this file. Must + be an octal value + between 0000 and + 0777 or a decimal + value between + 0 and 511. YAML + accepts both octal + and decimal values, + JSON requires + decimal values + for mode bits. + If not specified, + the volume defaultMode + will be used. + This might be + in conflict with + other options + that affect the + file mode, like + fsGroup, and the + result can be + other mode bits + set.' + format: int32 + type: integer + path: + description: path + is the relative + path of the file + to map the key + to. May not be + an absolute path. 
+ May not contain + the path element + '..'. May not + start with the + string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: 'Name of + the referent. This field + is effectively required, + but due to backwards + compatibility is allowed + to be empty. Instances + of this type with an + empty value here are + almost certainly wrong. + TODO: Add other useful + fields. apiVersion, + kind, uid? More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: optional + specify whether the + ConfigMap or its keys + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data + to project + properties: + items: + description: Items is + a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile + represents information + to create the file + containing the pod + field + properties: + fieldRef: + description: 'Required: + Selects a field + of the pod: only + annotations, labels, + name, namespace + and uid are supported.' + properties: + apiVersion: + description: Version + of the schema + the FieldPath + is written + in terms of, + defaults to + "v1". + type: string + fieldPath: + description: Path + of the field + to select + in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: + mode bits used + to set permissions + on this file, + must be an octal + value between + 0000 and 0777 + or a decimal value + between 0 and + 511. YAML accepts + both octal and + decimal values, + JSON requires + decimal values + for mode bits. 
+ If not specified, + the volume defaultMode + will be used. + This might be + in conflict with + other options + that affect the + file mode, like + fsGroup, and the + result can be + other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: + Path is the relative + path name of the + file to be created. + Must not be absolute + or contain the + ''..'' path. Must + be utf-8 encoded. + The first item + of the relative + path must not + start with ''..''' + type: string + resourceFieldRef: + description: 'Selects + a resource of + the container: + only resources + limits and requests + (limits.cpu, limits.memory, + requests.cpu and + requests.memory) + are currently + supported.' + properties: + containerName: + description: 'Container + name: required + for volumes, + optional for + env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output + format of + the exposed + resources, + defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information + about the secret data to + project + properties: + items: + description: items if + unspecified, each key-value + pair in the Data field + of the referenced Secret + will be projected into + the volume as a file + whose name is the key + and content is the value. + If specified, the listed + keys will be projected + into the specified paths, + and unlisted keys will + not be present. If a + key is specified which + is not present in the + Secret, the volume setup + will error unless it + is marked optional. 
+ Paths must be relative + and may not contain + the '..' path or start + with '..'. + items: + description: Maps a + string key to a path + within a volume. + properties: + key: + description: key + is the key to + project. + type: string + mode: + description: 'mode + is Optional: mode + bits used to set + permissions on + this file. Must + be an octal value + between 0000 and + 0777 or a decimal + value between + 0 and 511. YAML + accepts both octal + and decimal values, + JSON requires + decimal values + for mode bits. + If not specified, + the volume defaultMode + will be used. + This might be + in conflict with + other options + that affect the + file mode, like + fsGroup, and the + result can be + other mode bits + set.' + format: int32 + type: integer + path: + description: path + is the relative + path of the file + to map the key + to. May not be + an absolute path. + May not contain + the path element + '..'. May not + start with the + string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: 'Name of + the referent. This field + is effectively required, + but due to backwards + compatibility is allowed + to be empty. Instances + of this type with an + empty value here are + almost certainly wrong. + TODO: Add other useful + fields. apiVersion, + kind, uid? More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + optional: + description: optional + field specify whether + the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken + is information about the + serviceAccountToken data + to project + properties: + audience: + description: audience + is the intended audience + of the token. A recipient + of a token must identify + itself with an identifier + specified in the audience + of the token, and otherwise + should reject the token. + The audience defaults + to the identifier of + the apiserver. + type: string + expirationSeconds: + description: expirationSeconds + is the requested duration + of validity of the service + account token. As the + token approaches expiration, + the kubelet volume plugin + will proactively rotate + the service account + token. The kubelet will + start trying to rotate + the token if the token + is older than 80 percent + of its time to live + or if the token is older + than 24 hours.Defaults + to 1 hour and must be + at least 10 minutes. + format: int64 + type: integer + path: + description: path is the + path relative to the + mount point of the file + to project the token + into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte + mount on the host that shares a pod's + lifetime + properties: + group: + description: group to map volume + access to Default is no group + type: string + readOnly: + description: readOnly here will + force the Quobyte volume to be + mounted with read-only permissions. + Defaults to false. 
+ type: boolean + registry: + description: registry represents + a single or multiple Quobyte Registry + services specified as a string + as host:port pair (multiple entries + are separated with commas) which + acts as the central registry for + volumes + type: string + tenant: + description: tenant owning the given + Quobyte volume in the Backend + Used with dynamically provisioned + Quobyte volumes, value is set + by the plugin + type: string + user: + description: user to map volume + access to Defaults to serivceaccount + user + type: string + volume: + description: volume is a string + that references an already created + Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados + Block Device mount on the host that + shares a pod''s lifetime. More info: + https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem + type of the volume that you want + to mount. Tip: Ensure that the + filesystem type is supported by + the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors + in the filesystem from compromising + the machine' + type: string + image: + description: 'image is the rados + image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path + to key ring for RBDUser. Default + is /etc/ceph/keyring. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection + of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + description: 'pool is the rados + pool name. Default is rbd. 
More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will + force the ReadOnly setting in + VolumeMounts. Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name + of the authentication secret for + RBDUser. If provided overrides + keyring. Default is nil. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is the rados + user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO + persistent volume attached and mounted + on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host + address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is + the name of the ScaleIO Protection + Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to + false (read/write). 
ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretRef: + description: secretRef references + to the secret for ScaleIO user + and other sensitive information. + If this is not provided, Login + operation will fail. + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, + default false + type: boolean + storageMode: + description: storageMode indicates + whether the storage for a volume + should be ThickProvisioned or + ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the + ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name + of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: volumeName is the name + of a volume already created in + the ScaleIO system that is associated + with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret + that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: + mode bits used to set permissions + on created files by default. 
Must + be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. + Defaults to 0644. Directories + within the path are not affected + by this setting. This might be + in conflict with other options + that affect the file mode, like + fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, + each key-value pair in the Data + field of the referenced Secret + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, + the listed keys will be projected + into the specified paths, and + unlisted keys will not be present. + If a key is specified which is + not present in the Secret, the + volume setup will error unless + it is marked optional. Paths must + be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an + octal value between 0000 + and 0777 or a decimal value + between 0 and 511. YAML + accepts both octal and decimal + values, JSON requires decimal + values for mode bits. If + not specified, the volume + defaultMode will be used. + This might be in conflict + with other options that + affect the file mode, like + fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map + the key to. May not be an + absolute path. May not contain + the path element '..'. May + not start with the string + '..'. 
+ type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify + whether the Secret or its keys + must be defined + type: boolean + secretName: + description: 'secretName is the + name of the secret in the pod''s + namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a + StorageOS volume attached and mounted + on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies + the secret to use for obtaining + the StorageOS API credentials. If + not specified, default values + will be attempted. + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: volumeName is the human-readable + name of the StorageOS volume. Volume + names are only unique within a + namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies + the scope of the volume within + StorageOS. 
If no namespace is + specified then the Pod's namespace + will be used. This allows the + Kubernetes name scoping to be + mirrored within StorageOS for + tighter integration. Set VolumeName + to any name to override the default + behaviour. Set to "default" if + you are not using namespaces within + StorageOS. Namespaces that do + not pre-exist within StorageOS + will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents + a vSphere volume attached and mounted + on kubelets host machine + properties: + fsType: + description: fsType is filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is + the storage Policy Based Management + (SPBM) profile ID associated with + the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is + the storage Policy Based Management + (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path + that identifies vSphere volume + vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + variables: + description: Variables specifies a list of variables + and their sources that will be used to resolve + the task. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. 
"$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t need + it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the + pod: supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t need + it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + type: object + type: array + type: object + manifestOptions: + description: ManifestOptions provide options to select particular + manifest object to restore + properties: + mariaDB: + description: MariaDB specifies the options for selecting + particular MariaDB components to restore in manifest + restore + properties: + authSecret: + description: AuthSecret specifies whether to restore + the AuthSecret manifest or not + type: boolean + authSecretName: + description: AuthSecretName specifies new name of + the AuthSecret yaml after restore + type: string + configSecret: + description: ConfigSecret specifies whether to restore + the ConfigSecret manifest or not + type: boolean + configSecretName: + description: ConfigSecretName specifies new name + of the ConfigSecret yaml after restore + type: string + db: + description: DB specifies whether to restore the + DB manifest or not + type: boolean + dbName: + description: DBName specifies the new name of the + DB yaml after restore + type: string + issuerRefName: + description: IssuerRefName specifies new name of + the IssuerRef after restore + type: string + type: object + mongoDB: + description: MongoDB specifies the options for selecting + particular MongoDB components to restore in manifest + restore + properties: + authSecret: + description: AuthSecret specifies whether to restore + the AuthSecret manifest or not + type: boolean + authSecretName: + description: AuthSecretName specifies new name of + the AuthSecret yaml after restore + type: string + configSecret: + description: ConfigSecret specifies whether to restore + the ConfigSecret manifest or not + type: boolean + configSecretName: + description: ConfigSecretName specifies new name + of the ConfigSecret yaml after 
restore + type: string + db: + description: DB specifies whether to restore the + DB manifest or not + type: boolean + dbName: + description: DBName specifies the new name of the + DB yaml after restore + type: string + issuerRefName: + description: IssuerRefName specifies new name of + the IssuerRef after restore + type: string + type: object + mySQL: + description: MySQL specifies the options for selecting + particular MySQL components to restore in manifest + restore + properties: + authSecret: + description: AuthSecret specifies whether to restore + the AuthSecret manifest or not + type: boolean + authSecretName: + description: AuthSecretName specifies new name of + the AuthSecret yaml after restore + type: string + configSecret: + description: ConfigSecret specifies whether to restore + the ConfigSecret manifest or not + type: boolean + configSecretName: + description: ConfigSecretName specifies new name + of the ConfigSecret yaml after restore + type: string + db: + description: DB specifies whether to restore the + DB manifest or not + type: boolean + dbName: + description: DBName specifies the new name of the + DB yaml after restore + type: string + issuerRefName: + description: IssuerRefName specifies new name of + the IssuerRef after restore + type: string + type: object + postgres: + description: Postgres specifies the options for selecting + particular Postgres components to restore in manifest + restore + properties: + authSecret: + description: AuthSecret specifies whether to restore + the AuthSecret manifest or not + type: boolean + authSecretName: + description: AuthSecretName specifies new name of + the AuthSecret yaml after restore + type: string + configSecret: + description: ConfigSecret specifies whether to restore + the ConfigSecret manifest or not + type: boolean + configSecretName: + description: ConfigSecretName specifies new name + of the ConfigSecret yaml after restore + type: string + db: + description: DB specifies whether to restore 
the + DB manifest or not + type: boolean + dbName: + description: DBName specifies the new name of the + DB yaml after restore + type: string + issuerRefName: + description: IssuerRefName specifies new name of + the IssuerRef after restore + type: string + type: object + restoreNamespace: + description: RestoreNamespace specifies the Namespace + where the restored files will be applied + type: string + type: object + target: + description: Target indicates the target application where + the data will be restored + properties: + apiGroup: + type: string + kind: + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + required: + - name + type: object + type: object + retryConfig: + description: RetryConfig specifies the behavior of the retry + mechanism in case of a verification failure. + properties: + delay: + description: 'The amount of time to wait before next retry. + If you don''t specify this field, KubeStash will retry + immediately. Format: 30s, 2m, 1h etc.' + type: string + maxRetry: + default: 1 + description: MaxRetry specifies the maximum number of times + KubeStash should retry the backup/restore process. By + default, KubeStash will retry only 1 time. + format: int32 + minimum: 1 + type: integer + type: object + runtimeSettings: + description: RuntimeSettings allow to specify Resources, NodeSelector, + Affinity, Toleration, ReadinessProbe etc. for the verification + job. + properties: + container: + properties: + env: + description: List of environment variables to set in + the container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. 
+ Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: 'Name of the referent. This + field is effectively required, but due + to backwards compatibility is allowed + to be empty. Instances of this type + with an empty value here are almost + certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when + controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". 
+ type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: 'Name of the referent. This + field is effectively required, but due + to backwards compatibility is allowed + to be empty. Instances of this type + with an empty value here are almost + certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when + controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is + starting. When a key exists in multiple sources, the + value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: 'Name of the referent. This field + is effectively required, but due to backwards + compatibility is allowed to be empty. Instances + of this type with an empty value here are + almost certainly wrong. TODO: Add other + useful fields. apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: 'Name of the referent. This field + is effectively required, but due to backwards + compatibility is allowed to be empty. Instances + of this type with an empty value here are + almost certainly wrong. TODO: Add other + useful fields. 
apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + ionice: + description: 'Settings to configure `ionice` to throttle + the load on disk. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html + More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' + properties: + class: + format: int32 + type: integer + classData: + format: int32 + type: integer + type: object + lifecycle: + description: Actions that the management system should + take in response to container lifecycle events. Cannot + be updated. + properties: + postStart: + description: 'PostStart is called immediately after + a container is created. If the handler fails, + the container is terminated and restarted according + to its restart policy. Other management of the + container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness/startup probe + failure, preemption, resource contention, etc. + The handler is not called if the container crashes + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. 
HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. 
This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. 
+ The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + nice: + description: 'Settings to configure `nice` to throttle + the load on cpu. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html + More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' + properties: + adjustment: + format: int32 + type: integer + type: object + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if + the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. 
The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. 
Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field and + requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the + Pod where this field is used. It makes that + resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. + More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges than + its parent process. This bool directly controls + if the no_new_privs flag will be set on the container + process. AllowPrivilegeEscalation is true always + when the container is: 1) run as Privileged 2) + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: appArmorProfile is the AppArmor options + to use by this container. If set, this profile + overrides the pod's appArmorProfile. Note that + this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + loaded on the node that should be used. The + profile must be preconfigured on the node + to work. Must match the loaded name of the + profile. Must be set if and only if type is + "Localhost". 
+ type: string + type: + description: 'type indicates which kind of AppArmor + profile will be applied. Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime''s + default profile. Unconfined - no AppArmor + enforcement.' + type: string + required: + - type + type: object + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. + type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default is + DefaultProcMount which uses the container runtime + defaults for readonly paths and masked paths. + This requires the ProcMountType feature flag to + be enabled. Note that this field cannot be set + when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. 
If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + the container. If unspecified, the container runtime + will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. 
+ type: string + type: object + seccompProfile: + description: The seccomp options to use by this + container. If seccomp options are provided at + both the pod & container level, the container + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must be set if type is "Localhost". + Must NOT be set for any other type. + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: + \n Localhost - a profile defined in a file + on the node should be used. RuntimeDefault + - the container runtime default profile should + be used. Unconfined - no profile should be + applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options + from the PodSecurityContext will be used. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. 
+ All of a Pod's containers must have the same + effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and + non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run + the entrypoint of the container process. Defaults + to the user specified in image metadata if + unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: string + type: object + type: object + type: object + pod: + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most + preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit weight + 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. 
+ items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. due to an update), the + system may or may not try to eventually evict + the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. 
+ If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + If it's null, this PodAffinityTerm + matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. 
This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `labelSelector` as `key in (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both matchLabelKeys + and labelSelector. Also, matchLabelKeys + cannot be set when labelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `labelSelector` as `key notin (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. 
The same key is forbidden + to exist in both mismatchLabelKeys + and labelSelector. Also, mismatchLabelKeys + cannot be set when labelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. 
A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. due to a pod label update), + the system may or may not try to eventually + evict the pod from its node. When there are + multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. If + it's null, this PodAffinityTerm matches + with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of + pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from + the incoming pod labels, those key-value + labels are merged with `labelSelector` + as `key in (value)` to select the group + of existing pods which pods will be + taken into consideration for the incoming + pod's pod (anti) affinity. Keys that + don't exist in the incoming pod labels + will be ignored. The default value is + empty. The same key is forbidden to + exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when + labelSelector isn't set. This is an + alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set + of pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from + the incoming pod labels, those key-value + labels are merged with `labelSelector` + as `key notin (value)` to select the + group of existing pods which pods will + be taken into consideration for the + incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both mismatchLabelKeys and + labelSelector. Also, mismatchLabelKeys + cannot be set when labelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. 
null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it + may choose a node that violates one or more + of the expressions. The node that is most + preferred is the one with the greatest sum + of weights, i.e. for each node that meets + all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most + preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + If it's null, this PodAffinityTerm + matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `labelSelector` as `key in (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. 
The same key is forbidden + to exist in both matchLabelKeys + and labelSelector. Also, matchLabelKeys + cannot be set when labelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `labelSelector` as `key notin (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both mismatchLabelKeys + and labelSelector. Also, mismatchLabelKeys + cannot be set when labelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. 
+ type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the + node. If the anti-affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod label + update), the system may or may not try to + eventually evict the pod from its node. When + there are multiple elements, the lists of + nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. If + it's null, this PodAffinityTerm matches + with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. 
If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of + pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from + the incoming pod labels, those key-value + labels are merged with `labelSelector` + as `key in (value)` to select the group + of existing pods which pods will be + taken into consideration for the incoming + pod's pod (anti) affinity. Keys that + don't exist in the incoming pod labels + will be ignored. The default value is + empty. The same key is forbidden to + exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when + labelSelector isn't set. This is an + alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set + of pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from + the incoming pod labels, those key-value + labels are merged with `labelSelector` + as `key notin (value)` to select the + group of existing pods which pods will + be taken into consideration for the + incoming pod's pod (anti) affinity. 
+ Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both mismatchLabelKeys and + labelSelector. Also, mismatchLabelKeys + cannot be set when labelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. 
A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. + type: boolean + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information + about services should be injected into pod''s environment + variables, matching the syntax of Docker links. Optional: + Defaults to true.' + type: boolean + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of + references to secrets in the same namespace to use + for pulling any of the images used by this PodRuntimeSettings. + If specified, these secrets will be passed to individual + puller implementations for them to use. 
For example, + in the case of docker, only DockerConfig type secrets + are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough + information to let you locate the referenced object + inside the same namespace. + properties: + name: + default: "" + description: 'Name of the referent. This field + is effectively required, but due to backwards + compatibility is allowed to be empty. Instances + of this type with an empty value here are almost + certainly wrong. TODO: Add other useful fields. + apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeName: + description: NodeName is a request to schedule this + pod onto a specific node. If it is non-empty, the + scheduler simply schedules this pod onto that node, + assuming that it fits resource requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must + be true for the pod to fit on a node. Selector which + must match a node''s labels for the pod to be scheduled + on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + podAnnotations: + additionalProperties: + type: string + description: PodAnnotations are the annotations that + will be attached with the respective Pod + type: object + podLabels: + additionalProperties: + type: string + description: PodLabels are the labels that will be attached + with the respective Pod + type: object + priority: + description: The priority value. Various system components + use this field to find the priority of the pod. 
When + Priority Admission Controller is enabled, it prevents + users from setting this field. The admission controller + populates this field from PriorityClassName. The higher + the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: If specified, indicates the pod's priority. + "system-node-critical" and "system-cluster-critical" + are two special keywords which indicate the highest + priorities with the former being the highest priority. + Any other name must be defined by creating a PriorityClass + object with that name. If not specified, the pod priority + will be default or zero if there is no default. + type: string + readinessGates: + description: 'If specified, all readiness gates will + be evaluated for pod readiness. A pod is ready when + all its containers are ready AND all conditions specified + in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' + items: + description: PodReadinessGate contains the reference + to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition + in the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass + object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches + the named class, the pod will not be run. If unset + or empty, the "legacy" RuntimeClass will be used, + which is an implicit class with an empty definition + that uses the default runtime handler. More info: + https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md + This is an alpha feature and may change in the future.' + type: string + schedulerName: + description: If specified, the pod will be dispatched + by specified scheduler. 
If not specified, the pod + will be dispatched by default scheduler. + type: string + securityContext: + description: 'Security options the pod should run with. + More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + appArmorProfile: + description: appArmorProfile is the AppArmor options + to use by the containers in this pod. Note that + this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + loaded on the node that should be used. The + profile must be preconfigured on the node + to work. Must match the loaded name of the + profile. Must be set if and only if type is + "Localhost". + type: string + type: + description: 'type indicates which kind of AppArmor + profile will be applied. Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime''s + default profile. Unconfined - no AppArmor + enforcement.' + type: string + required: + - type + type: object + fsGroup: + description: "A special supplemental group that + applies to all containers in a pod. Some volume + types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The + owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be + owned by FSGroup) 3. The permission bits are OR'd + with rw-rw---- \n If unset, the Kubelet will not + modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name + is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior + of changing ownership and permission of the volume + before being exposed inside Pod. This field will + only apply to volume types which support fsGroup + based ownership(and permissions). 
It will have + no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name + is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence + for that container. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + all containers. If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot + be set when spec.os.name is windows. 
+ properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set + when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must be set if type is "Localhost". + Must NOT be set for any other type. + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: + \n Localhost - a profile defined in a file + on the node should be used. RuntimeDefault + - the container runtime default profile should + be used. Unconfined - no profile should be + applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first + process run in each container, in addition to + the container's primary GID, the fsGroup (if specified), + and group memberships defined in the container + image for the uid of the container process. If + unspecified, no additional groups are added to + any container. Note that group memberships defined + in the container image for the uid of the container + process are still effective, even if they are + not included in this list. Note that this field + cannot be set when spec.os.name is windows. 
+ items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + sysctls: + description: Sysctls hold a list of namespaced sysctls + used for the pod. Pods with unsupported sysctls + (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name + is windows. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options + within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + All of a Pod's containers must have the same + effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and + non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run + the entrypoint of the container process. Defaults + to the user specified in image metadata if + unspecified. May also be set in PodSecurityContext. 
+ If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: string + type: object + type: object + serviceAccountAnnotations: + additionalProperties: + type: string + description: ServiceAccountAnnotations are the annotations + that will be attached with the respective ServiceAccount + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the + ServiceAccount to use to run this pod. More info: + https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to + tolerates any taint that matches the triple + using the matching operator . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must be + of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever + (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. 
+ format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how + a group of pods ought to spread across topology domains. + Scheduler will schedule pods in a way which abides + by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are + counted to determine the number of pods in their + corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label + keys to select the pods over which spreading + will be calculated. The keys are used to lookup + values from the incoming pod labels, those key-value + labels are ANDed with labelSelector to select + the group of existing pods over which spreading + will be calculated for the incoming pod. The + same key is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot be + set when LabelSelector isn't set. Keys that + don't exist in the incoming pod labels will + be ignored. A null or empty list means only + match against labelSelector. \n This is a beta + field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to + which pods may be unevenly distributed. When + `whenUnsatisfiable=DoNotSchedule`, it is the + maximum permitted difference between the number + of matching pods in the target topology and + the global minimum. The global minimum is the + minimum number of matching pods in an eligible + domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 2/2/1: In this + case, the global minimum is 1. | zone1 | zone2 + | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). - if MaxSkew is 2, incoming + pod can be scheduled onto any zone. 
When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default + value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number + of eligible domains. When the number of eligible + domains with matching topology keys is less + than minDomains, Pod Topology Spread treats + \"global minimum\" as 0, and then the calculation + of Skew is performed. And when the number of + eligible domains with matching topology keys + equals or greater than minDomains, this value + has no effect on scheduling. As a result, when + the number of eligible domains is less than + minDomains, scheduler won't schedule more than + maxSkew Pods to those domains. If value is nil, + the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than + 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. \n For example, in a + 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector + spread as 2/2/2: | zone1 | zone2 | zone3 | | + \ P P | P P | P P | The number of domains + is less than 5(MinDomains), so \"global minimum\" + is treated as 0. In this situation, new pod + with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new + Pod is scheduled to any of the three zones, + it will violate MaxSkew." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how + we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options + are: - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: + nodeAffinity/nodeSelector are ignored. All nodes + are included in the calculations. \n If this + value is nil, the behavior is equivalent to + the Honor policy. 
This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we + will treat node taints when calculating pod + topology spread skew. Options are: - Honor: + nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, + are included. - Ignore: node taints are ignored. + All nodes are included. \n If this value is + nil, the behavior is equivalent to the Ignore + policy. This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. + We consider each as a "bucket", + and try to put balanced number of pods into + each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible + domain as a domain whose nodes meet the requirements + of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, + if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. It's + a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how + to deal with a pod if it doesn''t satisfy the + spread constraint. - DoNotSchedule (default) + tells the scheduler not to schedule it. - ScheduleAnyway + tells the scheduler to schedule the pod in any + location, but giving higher precedence to topologies + that would help reduce the skew. A constraint + is considered "Unsatisfiable" for an incoming + pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on some + topology. 
For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: | zone1 | zone2 + | zone3 | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod can only + be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can + still be imbalanced, but scheduler won''t make + it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + type: object + type: object + script: + description: Script specifies the script to be run to verify + backup. + properties: + args: + description: Args specifies the arguments to be provided + with the script. + items: + type: string + type: array + location: + description: Location specifies the absolute path of the + script file's location. + type: string + type: object + sessionHistoryLimit: + default: 1 + description: SessionHistoryLimit specifies how many BackupVerificationSessions + and associate resources KubeStash should keep for debugging + purpose. The default value is 1. + format: int32 + type: integer + type: + description: 'Type indicate the types of verifier that will + verify the backup. Valid values are: - "RestoreOnly": KubeStash + will create a RestoreSession with the tasks provided in BackupConfiguration''s + verificationStrategies section. - "File": KubeStash will restore + the data and then create a job to check if the files exist + or not. This type is recommended for workload backup verification. + - "Query": KubeStash operator will restore data and then create + a job to run the queries. This type is recommended for database + backup verification. - "Script": KubeStash operator will restore + data and then create a job to run the script. 
This type is + recommended for database backup verification.' + enum: + - RestoreOnly + - File + - Query + - Script + type: string + verifySchedule: + description: VerifySchedule specifies the schedule of backup + verification in Cron format, see https://en.wikipedia.org/wiki/Cron. + type: string + type: object + type: array type: object status: description: BackupBatchStatus defines the observed state of BackupBatch diff --git a/crds/core.kubestash.com_backupconfigurations.yaml b/crds/core.kubestash.com_backupconfigurations.yaml index 3c0fbe63..23b9db6c 100644 --- a/crds/core.kubestash.com_backupconfigurations.yaml +++ b/crds/core.kubestash.com_backupconfigurations.yaml @@ -34410,6 +34410,17 @@ spec: description: VerificationStrategy specifies a strategy to verify the backed up data. properties: + file: + description: File specifies the file paths information whose + existence will be checked for backup verification. + properties: + paths: + description: Paths specifies the list of paths whose existence + will be checked. These paths must be absolute paths. + items: + type: string + type: array + type: object keepAlive: description: KeepAlive specifies the duration of keeping the instances created for backup verification. 
@@ -34418,8313 +34429,18768 @@ spec: name: description: Name indicates the name of this strategy. type: string - namespace: - description: Namespace specifies where the verification resources - should be created. - type: string - params: - description: Params specifies the parameters that will be used - by the verifier. - type: object - x-kubernetes-preserve-unknown-fields: true - retryConfig: - description: RetryConfig specifies the behavior of the retry - mechanism in case of a verification failure. + query: + description: Query specifies the queries to be run to verify + backup. properties: - delay: - description: 'The amount of time to wait before next retry. - If you don''t specify this field, KubeStash will retry - immediately. Format: 30s, 2m, 1h etc.' - type: string - maxRetry: - default: 1 - description: MaxRetry specifies the maximum number of times - KubeStash should retry the backup/restore process. By - default, KubeStash will retry only 1 time. - format: int32 - minimum: 1 - type: integer + elasticsearch: + items: + properties: + index: + type: string + type: object + type: array + mongodb: + items: + properties: + collection: + type: string + database: + type: string + rowCount: + format: int32 + type: integer + type: object + type: array + mysql: + items: + properties: + database: + type: string + rowCount: + format: int32 + type: integer + table: + type: string + type: object + type: array + postgres: + items: + properties: + database: + type: string + rowCount: + format: int32 + type: integer + schema: + type: string + table: + type: string + type: object + type: array + redis: + items: + properties: + database: + type: string + dbSize: + format: int32 + type: integer + type: object + type: array type: object - runtimeSettings: - description: RuntimeSettings allow to specify Resources, NodeSelector, - Affinity, Toleration, ReadinessProbe etc. for the verification - job. 
+ restoreOption: + description: RestoreOption specifies the restore target, addonInfo + and manifestOption for backup verification properties: - container: + addonInfo: + description: AddonInfo specifies addon configuration that + will be used to restore this target. properties: - env: - description: List of environment variables to set in - the container. Cannot be updated. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) - are expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults - to "".' - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. + containerRuntimeSettings: + description: ContainerRuntimeSettings specifies runtime + settings for the backup/restore executor container + properties: + env: + description: List of environment variables to set + in the container. Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. 
If a + variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. apiVersion, + kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t need + it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. apiVersion, + kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t need + it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. 
The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container + is starting. When a key exists in multiple sources, + the value associated with the last source will + take precedence. Values defined by an Env with + a duplicate key will take precedence. Cannot be + updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from properties: - key: - description: The key to select. - type: string name: - description: 'Name of the referent. More + default: "" + description: 'Name of the referent. This + field is effectively required, but due + to backwards compatibility is allowed + to be empty. Instances of this type + with an empty value here are almost + certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + TODO: Drop `kubebuilder:default` when + controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string optional: description: Specify whether the ConfigMap - or its key must be defined + must be defined type: boolean - required: - - key type: object x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: - supports metadata.name, metadata.namespace, - `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. 
- type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a + C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string name: - description: 'Name of the referent. More + default: "" + description: 'Name of the referent. This + field is effectively required, but due + to backwards compatibility is allowed + to be empty. Instances of this type + with an empty value here are almost + certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + TODO: Drop `kubebuilder:default` when + controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string optional: description: Specify whether the Secret - or its key must be defined + must be defined type: boolean - required: - - key type: object x-kubernetes-map-type: atomic type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment - variables in the container. The keys defined within - a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is - starting. When a key exists in multiple sources, the - value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of - a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend - to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret must - be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - ionice: - description: 'Settings to configure `ionice` to throttle - the load on disk. 
More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' - properties: - class: - format: int32 - type: integer - classData: - format: int32 - type: integer - type: object - lifecycle: - description: Actions that the management system should - take in response to container lifecycle events. Cannot - be updated. - properties: - postStart: - description: 'PostStart is called immediately after - a container is created. If the handler fails, - the container is terminated and restarted according - to its restart policy. Other management of the - container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + type: array + ionice: + description: 'Settings to configure `ionice` to + throttle the load on disk. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html + More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. + class: + format: int32 + type: integer + classData: + format: int32 + type: integer + type: object + lifecycle: + description: Actions that the management system + should take in response to container lifecycle + events. 
Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately + after a container is created. If the handler + fails, the container is terminated and restarted + according to its restart policy. Other management + of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. - type: string - value: - description: The header field value + exec: + description: Exec specifies the action to + take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. 
- type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of - this field and lifecycle hooks will fail in - runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before - a container is terminated due to an API request - or management event such as liveness/startup probe - failure, preemption, resource contention, etc. - The handler is not called if the container crashes - or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the - container will eventually terminate within the - Pod''s termination grace period (unless delayed - by finalizers). Other management of the container - blocks until the hook completes or until the termination - grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line - to execute inside the container, the working - directory for the command is root ('/') - in the container's filesystem. 
The command - is simply exec'd, it is not run inside - a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, - you need to explicitly call out to that - shell. Exit status of 0 is treated as - live/healthy and non-zero is unhealthy. - items: - type: string - type: array + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: The header field + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number + must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. 
There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number + must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object type: object - httpGet: - description: HTTPGet specifies the http request - to perform. + preStop: + description: 'PreStop is called immediately + before a container is terminated due to an + API request or management event such as liveness/startup + probe failure, preemption, resource contention, + etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace + period countdown begins before the PreStop + hook is executed. Regardless of the outcome + of the handler, the container will eventually + terminate within the Pod''s termination grace + period (unless delayed by finalizers). Other + management of the container blocks until the + hook completes or until the termination grace + period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. - This will be canonicalized upon - output, so case-variant names will - be understood as the same header. - type: string - value: - description: The header field value + exec: + description: Exec specifies the action to + take. 
+ properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP - server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port - to access on the container. Number must - be in the range 1 to 65535. Name must - be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting - to the host. Defaults to HTTP. - type: string - required: - - port - type: object - sleep: - description: Sleep represents the duration that - the container should sleep before being terminated. - properties: - seconds: - description: Seconds is the number of seconds - to sleep. - format: int64 - type: integer - required: - - seconds - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward - compatibility. There are no validation of - this field and lifecycle hooks will fail in - runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port - to access on the container. Number must - be in the range 1 to 65535. Name must + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. 
+ properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: The header field + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number + must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number of + seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT + supported as a LifecycleHandler and kept + for the backward compatibility. There + are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler + is specified. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number + must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures for + the probe to be considered failed after having + succeeded. Defaults to 3. Minimum value is + 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. 
HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string required: - port type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. - Container will be restarted if the probe fails. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. 
- format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. - properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for + the probe to be considered successful after + having failed. Defaults to 1. Must be 1 for + liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the + pod needs to terminate gracefully upon probe + failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly halted + with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. 
The value zero + indicates stop immediately via the kill signal + (no opportunity to shut down). This is a beta + field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer - service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. 
- type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. 
spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - nice: - description: 'Settings to configure `nice` to throttle - the load on cpu. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html - More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' - properties: - adjustment: - format: int32 - type: integer - type: object - readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if - the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to - execute inside the container, the working - directory for the command is root ('/') in - the container's filesystem. The command is - simply exec'd, it is not run inside a shell, - so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is - treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array type: object - failureThreshold: - description: Minimum consecutive failures for the - probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving - a GRPC port. + nice: + description: 'Settings to configure `nice` to throttle + the load on cpu. 
More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html + More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' properties: - port: - description: Port number of the gRPC service. - Number must be in the range 1 to 65535. + adjustment: format: int32 type: integer - service: - description: "Service is the name of the service - to place in the gRPC HealthCheckRequest (see - https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port type: object - httpGet: - description: HTTPGet specifies the http request - to perform. + readinessProbe: + description: 'Periodic probe of container service + readiness. Container will be removed from service + endpoints if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: - host: - description: Host name to connect to, defaults - to the pod IP. You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: The header field name. This - will be canonicalized upon output, so - case-variant names will be understood - as the same header. - type: string - value: - description: The header field value + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. 
Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: type: string - required: - - name - - value + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures for + the probe to be considered failed after having + succeeded. Defaults to 3. Minimum value is + 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for + the probe to be considered successful after + having failed. Defaults to 1. Must be 1 for + liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the + pod needs to terminate gracefully upon probe + failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly halted + with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value zero + indicates stop immediately via the kill signal + (no opportunity to shut down). 
This is a beta + field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name type: object type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to - the host. Defaults to HTTP. 
- type: string - required: - - port + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If Requests + is omitted for a container, it defaults to + Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object type: object - initialDelaySeconds: - description: 'Number of seconds after the container - has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the - probe. Default to 10 seconds. Minimum value is - 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the - probe to be considered successful after having - failed. Defaults to 1. Must be 1 for liveness - and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving - a TCP port. + securityContext: + description: 'Security options the pod should run + with. 
More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod - needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer - than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds - will be used. Otherwise, this value overrides - the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity - to shut down). This is a beta field and requires - enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the - probe times out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges + than its parent process. This bool directly + controls if the no_new_privs flag will be + set on the container process. 
AllowPrivilegeEscalation + is true always when the container is: 1) run + as Privileged 2) has CAP_SYS_ADMIN Note that + this field cannot be set when spec.os.name + is windows.' + type: boolean + appArmorProfile: + description: appArmorProfile is the AppArmor + options to use by this container. If set, + this profile overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates + a profile loaded on the node that should + be used. The profile must be preconfigured + on the node to work. Must match the loaded + name of the profile. Must be set if and + only if type is "Localhost". + type: string + type: + description: 'type indicates which kind + of AppArmor profile will be applied. Valid + options are: Localhost - a profile pre-loaded + on the node. RuntimeDefault - the container + runtime''s default profile. Unconfined + - no AppArmor enforcement.' + type: string + required: + - type + type: object + capabilities: + description: The capabilities to add/drop when + running containers. Defaults to the default + set of capabilities granted by the container + runtime. Note that this field cannot be set + when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: Run container in privileged mode. + Processes in privileged containers are essentially + equivalent to root on the host. Defaults to + false. Note that this field cannot be set + when spec.os.name is windows. 
+ type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default + is DefaultProcMount which uses the container + runtime defaults for readonly paths and masked + paths. This requires the ProcMountType feature + flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. Note that + this field cannot be set when spec.os.name + is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of + the container process. Uses runtime default + if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. Note that this field cannot be + set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must + run as a non-root user. If true, the Kubelet + will validate the image at runtime to ensure + that it does not run as UID 0 (root) and fail + to start the container if it does. If unset + or false, no such validation will be performed. + May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of + the container process. Defaults to user specified + in image metadata if unspecified. May also + be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied + to the container. 
If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. Note that this field cannot be + set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this + container. If seccomp options are provided + at both the pod & container level, the container + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates + a profile defined in a file on the node + should be used. The profile must be preconfigured + on the node to work. Must be a descending + path, relative to the kubelet's configured + seccomp profile location. Must be set + if type is "Localhost". Must NOT be set + for any other type. + type: string + type: + description: "type indicates which kind + of seccomp profile will be applied. Valid + options are: \n Localhost - a profile + defined in a file on the node should be + used. RuntimeDefault - the container runtime + default profile should be used. Unconfined + - no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options + from the PodSecurityContext will be used. 
+ If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. Note that this field cannot be + set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where + the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the + name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a + container should be run as a 'Host Process' + container. All of a Pod's containers must + have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to + run the entrypoint of the container process. + Defaults to the user specified in image + metadata if unspecified. May also be set + in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object type: object - resources: - description: 'Compute Resources required by container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + jobTemplate: + description: JobTemplate specifies runtime configurations + for the backup/restore Job properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field and - requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can - only be set for containers." 
- items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the - Pod where this field is used. It makes that - resource available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - securityContext: - description: 'Security options the pod should run with. - More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls - whether a process can gain more privileges than - its parent process. This bool directly controls - if the no_new_privs flag will be set on the container - process. 
AllowPrivilegeEscalation is true always - when the container is: 1) run as Privileged 2) - has CAP_SYS_ADMIN Note that this field cannot - be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running - containers. Defaults to the default set of capabilities - granted by the container runtime. Note that this - field cannot be set when spec.os.name is windows. + controller: + description: 'Workload controller''s metadata. More + info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type + annotations: + additionalProperties: type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type + description: 'Annotations is an unstructured + key value map stored with a resource that + may be set by external tools to store and + retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent - to root on the host. Defaults to false. Note that - this field cannot be set when spec.os.name is - windows. - type: boolean - procMount: - description: procMount denotes the type of proc - mount to use for the containers. The default is - DefaultProcMount which uses the container runtime - defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to - be enabled. Note that this field cannot be set - when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only - root filesystem. 
Default is false. Note that this - field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the - container process. Uses runtime default if unset. - May also be set in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run - as a non-root user. If true, the Kubelet will - validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no - such validation will be performed. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the - container process. Defaults to user specified - in image metadata if unspecified. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to - the container. If unspecified, the container runtime - will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is windows. - properties: - level: - description: Level is SELinux level label that - applies to the container. - type: string - role: - description: Role is a SELinux role label that - applies to the container. 
- type: string - type: - description: Type is a SELinux type label that - applies to the container. - type: string - user: - description: User is a SELinux user label that - applies to the container. - type: string + description: 'Map of string keys and values + that can be used to organize and categorize + (scope and select) objects. May match selectors + of replication controllers and services. More + info: http://kubernetes.io/docs/user-guide/labels' + type: object type: object - seccompProfile: - description: The seccomp options to use by this - container. If seccomp options are provided at - both the pod & container level, the container - options override the pod options. Note that this - field cannot be set when spec.os.name is windows. + metadata: + description: 'Standard object''s metadata. More + info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' properties: - localhostProfile: - description: localhostProfile indicates a profile - defined in a file on the node should be used. - The profile must be preconfigured on the node - to work. Must be a descending path, relative - to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp - profile will be applied. Valid options are: - \n Localhost - a profile defined in a file - on the node should be used. RuntimeDefault - - the container runtime default profile should - be used. Unconfined - no profile should be - applied." - type: string - required: - - type + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured + key value map stored with a resource that + may be set by external tools to store and + retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying + objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values + that can be used to organize and categorize + (scope and select) objects. May match selectors + of replication controllers and services. More + info: http://kubernetes.io/docs/user-guide/labels' + type: object type: object - windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - from the PodSecurityContext will be used. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is linux. + spec: + description: 'Specification of the desired behavior + of the pod. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the - GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. - All of a Pod's containers must have the same - effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must - also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run - the entrypoint of the container process. Defaults - to the user specified in image metadata if - unspecified. May also be set in PodSecurityContext. 
- If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. - type: string - type: object - type: object - type: object - pod: - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose - a node that violates one or more of the expressions. - The node that is most preferred is the one - with the greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum - by iterating through the elements of this - field and adding "weight" to the sum if the - node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most - preferred. - items: - description: An empty preferred scheduling - term matches all objects with implicit weight - 0 (i.e. it's a no-op). A null preferred - scheduling term matches no objects (i.e. - is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector - requirements by node's labels. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: Represents a key's - relationship to a set of values. - Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array of string - values. 
If the operator is - In or NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, - the values array must have - a single element, which will - be interpreted as an integer. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector - requirements by node's fields. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: Represents a key's - relationship to a set of values. - Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array of string - values. If the operator is - In or NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, - the values array must have - a single element, which will - be interpreted as an integer. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, - the pod will not be scheduled onto the node. - If the affinity requirements specified by - this field cease to be met at some point during - pod execution (e.g. 
due to an update), the - system may or may not try to eventually evict - the pod from its node. + affinity: + description: If specified, the pod's scheduling + constraints properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: A null or empty node selector - term matches no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector - requirements by node's labels. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: Represents a key's - relationship to a set of values. - Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array of string - values. If the operator is - In or NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, - the values array must have - a single element, which will - be interpreted as an integer. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector - requirements by node's fields. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: Represents a key's - relationship to a set of values. - Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, - and Lt. 
- type: string - values: - description: An array of string - values. If the operator is - In or NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, - the values array must have - a single element, which will - be interpreted as an integer. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules - (e.g. co-locate this pod in the same node, zone, - etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose - a node that violates one or more of the expressions. - The node that is most preferred is the one - with the greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum - by iterating through the elements of this - field and adding "weight" to the sum if the - node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest - sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: A label query over a - set of resources, in this case pods. - If it's null, this PodAffinityTerm - matches with no Pods. 
+ nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified + by this field, but it may choose a + node that violates one or more of + the expressions. The node that is + most preferred is the one with the + greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" + to the sum if the node matches the + corresponding matchExpressions; the + node(s) with the highest sum are the + most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A + null preferred scheduling term matches + no objects (i.e. is also a no-op). properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node + selector requirements by + node's labels. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator is + In or NotIn, the values + array must be non-empty. + If the operator is + Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a + single element, which + will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node + selector requirements by + node's fields. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: The label + key that the selector + applies to. 
+ type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator is + In or NotIn, the values + array must be non-empty. + If the operator is + Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a + single element, which + will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated + with matching the corresponding + nodeSelectorTerm, in the range + 1-100. + format: int32 + type: integer + required: + - preference + - weight type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set - of pod label keys to select which - pods will be taken into consideration. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are merged with - `LabelSelector` as `key in (value)` - to select the group of existing - pods which pods will be taken into - consideration for the incoming pod's - pod (anti) affinity. Keys that don't - exist in the incoming pod labels - will be ignored. The default value - is empty. The same key is forbidden - to exist in both MatchLabelKeys - and LabelSelector. Also, MatchLabelKeys - cannot be set when LabelSelector - isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is - a set of pod label keys to select - which pods will be taken into consideration. 
- The keys are used to lookup values - from the incoming pod labels, those - key-value labels are merged with - `LabelSelector` as `key notin (value)` - to select the group of existing - pods which pods will be taken into - consideration for the incoming pod's - pod (anti) affinity. Keys that don't - exist in the incoming pod labels - will be ignored. The default value - is empty. The same key is forbidden - to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector - isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the - set of namespaces that the term - applies to. The term is applied - to the union of the namespaces selected - by this field and the ones listed - in the namespaces field. null selector - and null or empty namespaces list - means "this pod's namespace". An - empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the + affinity requirements specified by + this field cease to be met at some + point during pod execution (e.g. due + to an update), the system may or may + not try to eventually evict the pod + from its node. + properties: + nodeSelectorTerms: + description: Required. A list of + node selector terms. The terms + are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are + ANDed. The TopologySelectorTerm + type implements a subset of + the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by + node's labels. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator is + In or NotIn, the values + array must be non-empty. + If the operator is + Exists or DoesNotExist, + the values array must + be empty. 
If the operator + is Gt or Lt, the values + array must have a + single element, which + will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node + selector requirements by + node's fields. + items: + description: A node selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, + DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array + of string values. + If the operator is + In or NotIn, the values + array must be non-empty. + If the operator is + Exists or DoesNotExist, + the values array must + be empty. If the operator + is Gt or Lt, the values + array must have a + single element, which + will be interpreted + as an integer. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The term - is applied to the union of the namespaces - listed in this field and the ones - selected by namespaceSelector. null - or empty namespaces list and null - namespaceSelector means "this pod's - namespace". 
- items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching - the corresponding podAffinityTerm, in - the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, - the pod will not be scheduled onto the node. - If the affinity requirements specified by - this field cease to be met at some point during - pod execution (e.g. due to a pod label update), - the system may or may not try to eventually - evict the pod from its node. When there are - multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. - items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this pod - should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is - defined as running on a node whose value - of the label with key matches - that of any node on which a pod of the set - of pods is running - properties: - labelSelector: - description: A label query over a set - of resources, in this case pods. If - it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. 
- items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of - pod label keys to select which pods - will be taken into consideration. The - keys are used to lookup values from - the incoming pod labels, those key-value - labels are merged with `LabelSelector` - as `key in (value)` to select the group - of existing pods which pods will be - taken into consideration for the incoming - pod's pod (anti) affinity. Keys that - don't exist in the incoming pod labels - will be ignored. The default value is - empty. The same key is forbidden to - exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when - LabelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set - of pod label keys to select which pods - will be taken into consideration. The - keys are used to lookup values from - the incoming pod labels, those key-value - labels are merged with `LabelSelector` - as `key notin (value)` to select the - group of existing pods which pods will - be taken into consideration for the - incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming - pod labels will be ignored. The default - value is empty. The same key is forbidden - to exist in both MismatchLabelKeys and - LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector isn't - set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set - of namespaces that the term applies - to. The term is applied to the union - of the namespaces selected by this field - and the ones listed in the namespaces - field. null selector and null or empty - namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. 
If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's - namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the anti-affinity - expressions specified by this field, but it - may choose a node that violates one or more - of the expressions. 
The node that is most - preferred is the one with the greatest sum - of weights, i.e. for each node that meets - all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating - through the elements of this field and adding - "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most - preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: A label query over a - set of resources, in this case pods. - If it's null, this PodAffinityTerm - matches with no Pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a - map of {key,value} pairs. 
A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set - of pod label keys to select which - pods will be taken into consideration. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are merged with - `LabelSelector` as `key in (value)` - to select the group of existing - pods which pods will be taken into - consideration for the incoming pod's - pod (anti) affinity. Keys that don't - exist in the incoming pod labels - will be ignored. The default value - is empty. The same key is forbidden - to exist in both MatchLabelKeys - and LabelSelector. Also, MatchLabelKeys - cannot be set when LabelSelector - isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is - a set of pod label keys to select - which pods will be taken into consideration. - The keys are used to lookup values - from the incoming pod labels, those - key-value labels are merged with - `LabelSelector` as `key notin (value)` - to select the group of existing - pods which pods will be taken into - consideration for the incoming pod's - pod (anti) affinity. Keys that don't - exist in the incoming pod labels - will be ignored. The default value - is empty. The same key is forbidden - to exist in both MismatchLabelKeys - and LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector - isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the - set of namespaces that the term - applies to. The term is applied - to the union of the namespaces selected - by this field and the ones listed - in the namespaces field. null selector - and null or empty namespaces list - means "this pod's namespace". An - empty selector ({}) matches all - namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. 
The term - is applied to the union of the namespaces - listed in this field and the ones - selected by namespaceSelector. null - or empty namespaces list and null - namespaceSelector means "this pod's - namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching - the corresponding podAffinityTerm, in - the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements - specified by this field are not met at scheduling - time, the pod will not be scheduled onto the - node. If the anti-affinity requirements specified - by this field cease to be met at some point - during pod execution (e.g. due to a pod label - update), the system may or may not try to - eventually evict the pod from its node. When - there are multiple elements, the lists of - nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this pod - should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is - defined as running on a node whose value - of the label with key matches - that of any node on which a pod of the set - of pods is running - properties: - labelSelector: - description: A label query over a set - of resources, in this case pods. 
If - it's null, this PodAffinityTerm matches - with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of - pod label keys to select which pods - will be taken into consideration. The - keys are used to lookup values from - the incoming pod labels, those key-value - labels are merged with `LabelSelector` - as `key in (value)` to select the group - of existing pods which pods will be - taken into consideration for the incoming - pod's pod (anti) affinity. Keys that - don't exist in the incoming pod labels - will be ignored. The default value is - empty. The same key is forbidden to - exist in both MatchLabelKeys and LabelSelector. 
- Also, MatchLabelKeys cannot be set when - LabelSelector isn't set. This is an - alpha field and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set - of pod label keys to select which pods - will be taken into consideration. The - keys are used to lookup values from - the incoming pod labels, those key-value - labels are merged with `LabelSelector` - as `key notin (value)` to select the - group of existing pods which pods will - be taken into consideration for the - incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming - pod labels will be ignored. The default - value is empty. The same key is forbidden - to exist in both MismatchLabelKeys and - LabelSelector. Also, MismatchLabelKeys - cannot be set when LabelSelector isn't - set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set - of namespaces that the term applies - to. The term is applied to the union - of the namespaces selected by this field - and the ones listed in the namespaces - field. null selector and null or empty - namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. 
- type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's - namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates - whether a service account token should be automatically - mounted. 
- type: boolean - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information - about services should be injected into pod''s environment - variables, matching the syntax of Docker links. Optional: - Defaults to true.' - type: boolean - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of - references to secrets in the same namespace to use - for pulling any of the images used by this PodRuntimeSettings. - If specified, these secrets will be passed to individual - puller implementations for them to use. For example, - in the case of docker, only DockerConfig type secrets - are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - items: - description: LocalObjectReference contains enough - information to let you locate the referenced object - inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeName: - description: NodeName is a request to schedule this - pod onto a specific node. If it is non-empty, the - scheduler simply schedules this pod onto that node, - assuming that it fits resource requirements. - type: string - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector is a selector which must - be true for the pod to fit on a node. Selector which - must match a node''s labels for the pod to be scheduled - on that node. 
More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - podAnnotations: - additionalProperties: - type: string - description: PodAnnotations are the annotations that - will be attached with the respective Pod - type: object - podLabels: - additionalProperties: - type: string - description: PodLabels are the labels that will be attached - with the respective Pod - type: object - priority: - description: The priority value. Various system components - use this field to find the priority of the pod. When - Priority Admission Controller is enabled, it prevents - users from setting this field. The admission controller - populates this field from PriorityClassName. The higher - the value, the higher the priority. - format: int32 - type: integer - priorityClassName: - description: If specified, indicates the pod's priority. - "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate the highest - priorities with the former being the highest priority. - Any other name must be defined by creating a PriorityClass - object with that name. If not specified, the pod priority - will be default or zero if there is no default. - type: string - readinessGates: - description: 'If specified, all readiness gates will - be evaluated for pod readiness. A pod is ready when - all its containers are ready AND all conditions specified - in the readiness gates have status equal to "True" - More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' - items: - description: PodReadinessGate contains the reference - to a pod condition - properties: - conditionType: - description: ConditionType refers to a condition - in the pod's condition list with matching type. - type: string - required: - - conditionType - type: object - type: array - runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass - object in the node.k8s.io group, which should be used - to run this pod. 
If no RuntimeClass resource matches - the named class, the pod will not be run. If unset - or empty, the "legacy" RuntimeClass will be used, - which is an implicit class with an empty definition - that uses the default runtime handler. More info: - https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is an alpha feature and may change in the future.' - type: string - schedulerName: - description: If specified, the pod will be dispatched - by specified scheduler. If not specified, the pod - will be dispatched by default scheduler. - type: string - securityContext: - description: 'Security options the pod should run with. - More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - fsGroup: - description: "A special supplemental group that - applies to all containers in a pod. Some volume - types allow the Kubelet to change the ownership - of that volume to be owned by the pod: \n 1. The - owning GID will be the FSGroup 2. The setgid bit - is set (new files created in the volume will be - owned by FSGroup) 3. The permission bits are OR'd - with rw-rw---- \n If unset, the Kubelet will not - modify the ownership and permissions of any volume. - Note that this field cannot be set when spec.os.name - is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior - of changing ownership and permission of the volume - before being exposed inside Pod. This field will - only apply to volume types which support fsGroup - based ownership(and permissions). It will have - no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified, "Always" is used. - Note that this field cannot be set when spec.os.name - is windows.' 
- type: string - runAsGroup: - description: The GID to run the entrypoint of the - container process. Uses runtime default if unset. - May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence - for that container. Note that this field cannot - be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run - as a non-root user. If true, the Kubelet will - validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no - such validation will be performed. May also be - set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the - container process. Defaults to user specified - in image metadata if unspecified. May also be - set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in - SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to - all containers. If unspecified, the container - runtime will allocate a random SELinux context - for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence - for that container. Note that this field cannot - be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that - applies to the container. - type: string - role: - description: Role is a SELinux role label that - applies to the container. 
- type: string - type: - description: Type is a SELinux type label that - applies to the container. - type: string - user: - description: User is a SELinux user label that - applies to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers - in this pod. Note that this field cannot be set - when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile - defined in a file on the node should be used. - The profile must be preconfigured on the node - to work. Must be a descending path, relative - to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". - Must NOT be set for any other type. - type: string - type: - description: "type indicates which kind of seccomp - profile will be applied. Valid options are: - \n Localhost - a profile defined in a file - on the node should be used. RuntimeDefault - - the container runtime default profile should - be used. Unconfined - no profile should be - applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first - process run in each container, in addition to - the container's primary GID, the fsGroup (if specified), - and group memberships defined in the container - image for the uid of the container process. If - unspecified, no additional groups are added to - any container. Note that group memberships defined - in the container image for the uid of the container - process are still effective, even if they are - not included in this list. Note that this field - cannot be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls - used for the pod. Pods with unsupported sysctls - (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name - is windows. 
- items: - description: Sysctl defines a kernel parameter - to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied - to all containers. If unspecified, the options - within a container's SecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name - is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the - GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential - spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container - should be run as a 'Host Process' container. - All of a Pod's containers must have the same - effective HostProcess value (it is not allowed - to have a mix of HostProcess containers and - non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must - also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run - the entrypoint of the container process. Defaults - to the user specified in image metadata if - unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes - precedence. 
- type: string - type: object - type: object - serviceAccountAnnotations: - additionalProperties: - type: string - description: ServiceAccountAnnotations are the annotations - that will be attached with the respective ServiceAccount - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the - ServiceAccount to use to run this pod. More info: - https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to - tolerates any taint that matches the triple - using the matching operator . - properties: - effect: - description: Effect indicates the taint effect - to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, - PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration - applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; - this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists and - Equal. Defaults to Equal. Exists is equivalent - to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the - period of time the toleration (which must be - of effect NoExecute, otherwise this field is - ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever - (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration - matches to. If the operator is Exists, the value - should be empty, otherwise just a regular string. 
- type: string - type: object - type: array - topologySpreadConstraints: - description: TopologySpreadConstraints describes how - a group of pods ought to spread across topology domains. - Scheduler will schedule pods in a way which abides - by the constraints. All topologySpreadConstraints - are ANDed. - items: - description: TopologySpreadConstraint specifies how - to spread matching pods among the given topology. - properties: - labelSelector: - description: LabelSelector is used to find matching - pods. Pods that match this label selector are - counted to determine the number of pods in their - corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: "MatchLabelKeys is a set of pod label - keys to select the pods over which spreading - will be calculated. The keys are used to lookup - values from the incoming pod labels, those key-value - labels are ANDed with labelSelector to select - the group of existing pods over which spreading - will be calculated for the incoming pod. The - same key is forbidden to exist in both MatchLabelKeys - and LabelSelector. MatchLabelKeys cannot be - set when LabelSelector isn't set. Keys that - don't exist in the incoming pod labels will - be ignored. A null or empty list means only - match against labelSelector. \n This is a beta - field and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled by default)." - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: 'MaxSkew describes the degree to - which pods may be unevenly distributed. When - `whenUnsatisfiable=DoNotSchedule`, it is the - maximum permitted difference between the number - of matching pods in the target topology and - the global minimum. The global minimum is the - minimum number of matching pods in an eligible - domain or zero if the number of eligible domains - is less than MinDomains. For example, in a 3-zone - cluster, MaxSkew is set to 1, and pods with - the same labelSelector spread as 2/2/1: In this - case, the global minimum is 1. | zone1 | zone2 - | zone3 | | P P | P P | P | - if MaxSkew - is 1, incoming pod can only be scheduled to - zone3 to become 2/2/2; scheduling it onto zone1(zone2) - would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - if MaxSkew is 2, incoming - pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to topologies - that satisfy it. It''s a required field. Default - value is 1 and 0 is not allowed.' 
- format: int32 - type: integer - minDomains: - description: "MinDomains indicates a minimum number - of eligible domains. When the number of eligible - domains with matching topology keys is less - than minDomains, Pod Topology Spread treats - \"global minimum\" as 0, and then the calculation - of Skew is performed. And when the number of - eligible domains with matching topology keys - equals or greater than minDomains, this value - has no effect on scheduling. As a result, when - the number of eligible domains is less than - minDomains, scheduler won't schedule more than - maxSkew Pods to those domains. If value is nil, - the constraint behaves as if MinDomains is equal - to 1. Valid values are integers greater than - 0. When value is not nil, WhenUnsatisfiable - must be DoNotSchedule. \n For example, in a - 3-zone cluster, MaxSkew is set to 2, MinDomains - is set to 5 and pods with the same labelSelector - spread as 2/2/2: | zone1 | zone2 | zone3 | | - \ P P | P P | P P | The number of domains - is less than 5(MinDomains), so \"global minimum\" - is treated as 0. In this situation, new pod - with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new - Pod is scheduled to any of the three zones, - it will violate MaxSkew. \n This is a beta field - and requires the MinDomainsInPodTopologySpread - feature gate to be enabled (enabled by default)." - format: int32 - type: integer - nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how - we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. Options - are: - Honor: only nodes matching nodeAffinity/nodeSelector - are included in the calculations. - Ignore: - nodeAffinity/nodeSelector are ignored. All nodes - are included in the calculations. \n If this - value is nil, the behavior is equivalent to - the Honor policy. This is a beta-level feature - default enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." 
- type: string - nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we - will treat node taints when calculating pod - topology spread skew. Options are: - Honor: - nodes without taints, along with tainted nodes - for which the incoming pod has a toleration, - are included. - Ignore: node taints are ignored. - All nodes are included. \n If this value is - nil, the behavior is equivalent to the Ignore - policy. This is a beta-level feature default - enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." - type: string - topologyKey: - description: TopologyKey is the key of node labels. - Nodes that have a label with this key and identical - values are considered to be in the same topology. - We consider each as a "bucket", - and try to put balanced number of pods into - each bucket. We define a domain as a particular - instance of a topology. Also, we define an eligible - domain as a domain whose nodes meet the requirements - of nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. And, - if TopologyKey is "topology.kubernetes.io/zone", - each zone is a domain of that topology. It's - a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how - to deal with a pod if it doesn''t satisfy the - spread constraint. - DoNotSchedule (default) - tells the scheduler not to schedule it. - ScheduleAnyway - tells the scheduler to schedule the pod in any - location, but giving higher precedence to topologies - that would help reduce the skew. A constraint - is considered "Unsatisfiable" for an incoming - pod if and only if every possible node assignment - for that pod would violate "MaxSkew" on some - topology. 
For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: | zone1 | zone2 - | zone3 | | P P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming pod can only - be scheduled to zone2(zone3) to become 3/2/1(3/1/2) - as ActualSkew(2-1) on zone2(zone3) satisfies - MaxSkew(1). In other words, the cluster can - still be imbalanced, but scheduler won''t make - it *more* imbalanced. It''s a required field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - type: object - type: object - sessionHistoryLimit: - default: 1 - description: SessionHistoryLimit specifies how many BackupVerificationSessions - and associate resources KubeStash should keep for debugging - purpose. The default value is 1. - format: int32 - type: integer - tasks: - description: Tasks specifies a list of restore tasks and their - configuration parameters for backup verification. - items: - description: TaskReference specifies a task and its configuration - parameters - properties: - addonVolumes: - description: AddonVolumes lets you overwrite the volume - sources used in the VolumeTemplate section of Addon. - Make sure that name of your volume matches with the - name of the volume you want to overwrite. - items: - description: AddonVolumeInfo specifies the name and - the source of volume - properties: - name: - description: Name specifies the name of the volume - type: string - source: - description: Source specifies the source of this - volume. - properties: - awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached to a - kubelet''s host machine and then exposed to - the pod. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount by - volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, - the volume partition for /dev/sda is "0" - (or you can leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'readOnly value true will force - the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'volumeID is unique ID of the - persistent disk resource in AWS (Amazon - EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure Data - Disk mount on the host and bind mount to the - pod. - properties: - cachingMode: - description: 'cachingMode is the Host Caching - mode: None, Read Only, Read Write.' - type: string - diskName: - description: diskName is the Name of the - data disk in the blob storage - type: string - diskURI: - description: diskURI is the URI of data - disk in the blob storage - type: string - fsType: - description: fsType is Filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". 
Implicitly inferred to - be "ext4" if unspecified. - type: string - kind: - description: 'kind expected values are Shared: - multiple blob disks per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in managed - availability set). defaults to shared' - type: string - readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified + by this field, but it may choose a + node that violates one or more of + the expressions. The node that is + most preferred is the one with the + greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" + to the sum if the node has pods which + matches the corresponding podAffinityTerm; + the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of + the matched WeightedPodAffinityTerm + fields are added per-node to find + the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query + over a set of resources, + in this case pods. 
If it's + null, this PodAffinityTerm + matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, a + key, and an operator + that relates the key + and values. + properties: + key: + description: key + is the label key + that the selector + applies to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values + is an array of + string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an + element of matchExpressions, + whose key field is "key", + the operator is "In", + and the values array + contains only "value". + The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `labelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. 
+ The default value is empty. + The same key is forbidden + to exist in both matchLabelKeys + and labelSelector. Also, + matchLabelKeys cannot be + set when labelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `labelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both mismatchLabelKeys + and labelSelector. Also, + mismatchLabelKeys cannot + be set when labelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query + over the set of namespaces + that the term applies to. + The term is applied to the + union of the namespaces + selected by this field and + the ones listed in the namespaces + field. null selector and + null or empty namespaces + list means "this pod's namespace". + An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, a + key, and an operator + that relates the key + and values. + properties: + key: + description: key + is the label key + that the selector + applies to. 
+ type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values + is an array of + string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an + element of matchExpressions, + whose key field is "key", + the operator is "In", + and the values array + contains only "value". + The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied + to the union of the namespaces + listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces + list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should + be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on + a node whose value of the + label with key topologyKey + matches that of any node + on which any of the selected + pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated + with matching the corresponding + podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the + affinity requirements specified by + this field cease to be met at some + point during pod execution (e.g. due + to a pod label update), the system + may or may not try to eventually evict + the pod from its node. When there + are multiple elements, the lists of + nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must + be satisfied. + items: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. 
+ type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `labelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both matchLabelKeys + and labelSelector. Also, matchLabelKeys + cannot be set when labelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. 
The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `labelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both mismatchLabelKeys + and labelSelector. Also, mismatchLabelKeys + cannot be set when labelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is + applied to the union of the + namespaces selected by this + field and the ones listed in + the namespaces field. null selector + and null or empty namespaces + list means "this pod's namespace". + An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union + of the namespaces listed in + this field and the ones selected + by namespaceSelector. null or + empty namespaces list and null + namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should be + co-located (affinity) or not + co-located (anti-affinity) with + the pods matching the labelSelector + in the specified namespaces, + where co-located is defined + as running on a node whose value + of the label with key topologyKey + matches that of any node on + which any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity + scheduling rules (e.g. avoid putting this + pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose a + node that violates one or more of + the expressions. 
The node that is + most preferred is the one with the + greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), + compute a sum by iterating through + the elements of this field and adding + "weight" to the sum if the node has + pods which matches the corresponding + podAffinityTerm; the node(s) with + the highest sum are the most preferred. + items: + description: The weights of all of + the matched WeightedPodAffinityTerm + fields are added per-node to find + the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query + over a set of resources, + in this case pods. If it's + null, this PodAffinityTerm + matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, a + key, and an operator + that relates the key + and values. + properties: + key: + description: key + is the label key + that the selector + applies to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values + is an array of + string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic merge + patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an + element of matchExpressions, + whose key field is "key", + the operator is "In", + and the values array + contains only "value". + The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `labelSelector` + as `key in (value)` to select + the group of existing pods + which pods will be taken + into consideration for the + incoming pod's pod (anti) + affinity. Keys that don't + exist in the incoming pod + labels will be ignored. + The default value is empty. + The same key is forbidden + to exist in both matchLabelKeys + and labelSelector. Also, + matchLabelKeys cannot be + set when labelSelector isn't + set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys + to select which pods will + be taken into consideration. + The keys are used to lookup + values from the incoming + pod labels, those key-value + labels are merged with `labelSelector` + as `key notin (value)` to + select the group of existing + pods which pods will be + taken into consideration + for the incoming pod's pod + (anti) affinity. Keys that + don't exist in the incoming + pod labels will be ignored. + The default value is empty. 
+ The same key is forbidden + to exist in both mismatchLabelKeys + and labelSelector. Also, + mismatchLabelKeys cannot + be set when labelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query + over the set of namespaces + that the term applies to. + The term is applied to the + union of the namespaces + selected by this field and + the ones listed in the namespaces + field. null selector and + null or empty namespaces + list means "this pod's namespace". + An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, a + key, and an operator + that relates the key + and values. + properties: + key: + description: key + is the label key + that the selector + applies to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values + is an array of + string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. 
A single {key,value} + in the matchLabels map + is equivalent to an + element of matchExpressions, + whose key field is "key", + the operator is "In", + and the values array + contains only "value". + The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied + to the union of the namespaces + listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces + list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should + be co-located (affinity) + or not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on + a node whose value of the + label with key topologyKey + matches that of any node + on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated + with matching the corresponding + podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the + anti-affinity requirements specified + by this field cease to be met at some + point during pod execution (e.g. due + to a pod label update), the system + may or may not try to eventually evict + the pod from its node. When there + are multiple elements, the lists of + nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must + be satisfied. 
+ items: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. If it's null, this + PodAffinityTerm matches with + no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is + a set of pod label keys to select + which pods will be taken into + consideration. The keys are + used to lookup values from the + incoming pod labels, those key-value + labels are merged with `labelSelector` + as `key in (value)` to select + the group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both matchLabelKeys + and labelSelector. Also, matchLabelKeys + cannot be set when labelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys + is a set of pod label keys to + select which pods will be taken + into consideration. The keys + are used to lookup values from + the incoming pod labels, those + key-value labels are merged + with `labelSelector` as `key + notin (value)` to select the + group of existing pods which + pods will be taken into consideration + for the incoming pod's pod (anti) + affinity. Keys that don't exist + in the incoming pod labels will + be ignored. The default value + is empty. The same key is forbidden + to exist in both mismatchLabelKeys + and labelSelector. Also, mismatchLabelKeys + cannot be set when labelSelector + isn't set. This is an alpha + field and requires enabling + MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is + applied to the union of the + namespaces selected by this + field and the ones listed in + the namespaces field. 
null selector + and null or empty namespaces + list means "this pod's namespace". + An empty selector ({}) matches + all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key and + values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to a + set of values. Valid + operators are In, + NotIn, Exists and + DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, the + values array must + be non-empty. If the + operator is Exists + or DoesNotExist, the + values array must + be empty. This array + is replaced during + a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in + the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union + of the namespaces listed in + this field and the ones selected + by namespaceSelector. null or + empty namespaces list and null + namespaceSelector means "this + pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should be + co-located (affinity) or not + co-located (anti-affinity) with + the pods matching the labelSelector + in the specified namespaces, + where co-located is defined + as running on a node whose value + of the label with key topologyKey + matches that of any node on + which any of the selected pods + is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object type: object - azureFile: - description: azureFile represents an Azure File - Service mount on the host and bind mount to - the pod. + args: + description: 'Arguments to the entrypoint. The + docker image''s CMD is used if this is not + provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. The + $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the + variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + containerSecurityContext: + description: 'Security options the pod should + run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: - readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges + than its parent process. 
This bool directly + controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: + 1) run as Privileged 2) has CAP_SYS_ADMIN + Note that this field cannot be set when + spec.os.name is windows.' type: boolean - secretName: - description: secretName is the name of - secret that contains Azure Storage Account - Name and Key - type: string - shareName: - description: shareName is the azure share - Name + appArmorProfile: + description: appArmorProfile is the AppArmor + options to use by this container. If set, + this profile overrides the pod's appArmorProfile. + Note that this field cannot be set when + spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates + a profile loaded on the node that + should be used. The profile must be + preconfigured on the node to work. + Must match the loaded name of the + profile. Must be set if and only if + type is "Localhost". + type: string + type: + description: 'type indicates which kind + of AppArmor profile will be applied. + Valid options are: Localhost - a profile + pre-loaded on the node. RuntimeDefault + - the container runtime''s default + profile. Unconfined - no AppArmor + enforcement.' + type: string + required: + - type + type: object + capabilities: + description: The capabilities to add/drop + when running containers. Defaults to the + default set of capabilities granted by + the container runtime. Note that this + field cannot be set when spec.os.name + is windows. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: Run container in privileged + mode. Processes in privileged containers + are essentially equivalent to root on + the host. Defaults to false. Note that + this field cannot be set when spec.os.name + is windows. + type: boolean + procMount: + description: procMount denotes the type + of proc mount to use for the containers. + The default is DefaultProcMount which + uses the container runtime defaults for + readonly paths and masked paths. This + requires the ProcMountType feature flag + to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string - required: - - secretName - - shareName + readOnlyRootFilesystem: + description: Whether this container has + a read-only root filesystem. Default is + false. Note that this field cannot be + set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint + of the container process. Uses runtime + default if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. Note that this field + cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container + must run as a non-root user. If true, + the Kubelet will validate the image at + runtime to ensure that it does not run + as UID 0 (root) and fail to start the + container if it does. If unset or false, + no such validation will be performed. + May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint + of the container process. Defaults to + user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. Note that this field + cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied + to the container. If unspecified, the + container runtime will allocate a random + SELinux context for each container. May + also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. Note that this field + cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level + label that applies to the container. + type: string + role: + description: Role is a SELinux role + label that applies to the container. + type: string + type: + description: Type is a SELinux type + label that applies to the container. + type: string + user: + description: User is a SELinux user + label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use + by this container. If seccomp options + are provided at both the pod & container + level, the container options override + the pod options. Note that this field + cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates + a profile defined in a file on the + node should be used. The profile must + be preconfigured on the node to work. + Must be a descending path, relative + to the kubelet's configured seccomp + profile location. Must be set if type + is "Localhost". 
Must NOT be set for + any other type. + type: string + type: + description: "type indicates which kind + of seccomp profile will be applied. + Valid options are: \n Localhost - + a profile defined in a file on the + node should be used. RuntimeDefault + - the container runtime default profile + should be used. Unconfined - no profile + should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings + applied to all containers. If unspecified, + the options from the PodSecurityContext + will be used. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where + the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName + is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: HostProcess determines + if a container should be run as a + 'Host Process' container. All of a + Pod's containers must have the same + effective HostProcess value (it is + not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. + type: boolean + runAsUserName: + description: The UserName in Windows + to run the entrypoint of the container + process. Defaults to the user specified + in image metadata if unspecified. + May also be set in PodSecurityContext. + If set in both SecurityContext and + PodSecurityContext, the value specified + in SecurityContext takes precedence. 
+ type: string + type: object type: object - cephfs: - description: cephFS represents a Ceph FS mount - on the host that shares a pod's lifetime + dnsConfig: + description: Specifies the DNS parameters of + a pod. Parameters specified here will be merged + to the generated DNS configuration based on + DNSPolicy. properties: - monitors: - description: 'monitors is Required: Monitors - is a collection of Ceph monitors More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + nameservers: + description: A list of DNS name server IP + addresses. This will be appended to the + base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + description: A list of DNS resolver options. + This will be merged with the base options + generated from DNSPolicy. Duplicated entries + will be removed. Resolution options given + in Options will override those that appear + in the base DNSPolicy. items: + description: PodDNSConfigOption defines + DNS resolver options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + description: A list of DNS search domains + for host-name lookup. This will be appended + to the base search paths generated from + DNSPolicy. Duplicated search paths will + be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + description: Set DNS policy for the pod. Defaults + to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', + 'ClusterFirst', 'Default' or 'None'. DNS parameters + given in DNSConfig will be merged with the + policy selected with DNSPolicy. To have DNS + options set along with hostNetwork, you have + to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. 
+ type: string + enableServiceLinks: + description: 'EnableServiceLinks indicates whether + information about services should be injected + into pod''s environment variables, matching + the syntax of Docker links. Optional: Defaults + to true.' + type: boolean + env: + description: List of environment variables to + set in the container. Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. Double $$ are reduced to + a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if + value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + optional: + description: Specify whether the + ConfigMap or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the + pod: supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. 
Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostIPC: + description: 'Use the host''s ipc namespace. + Optional: Default to false.' + type: boolean + hostNetwork: + description: Host networking requested for this + pod. Use the host's network namespace. If + this option is set, the ports that will be + used must be specified. Default to false. + type: boolean + hostPID: + description: 'Use the host''s pid namespace. + Optional: Default to false.' + type: boolean + imagePullSecrets: + description: 'ImagePullSecrets is an optional + list of references to secrets in the same + namespace to use for pulling any of the images + used by this PodSpec. If specified, these + secrets will be passed to individual puller + implementations for them to use. More info: + https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains + enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: 'Name of the referent. This + field is effectively required, but due + to backwards compatibility is allowed + to be empty. Instances of this type + with an empty value here are almost + certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when + controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: 'List of initialization containers + belonging to the pod. Init containers are + executed in order prior to containers being + started. If any init container fails, the + pod is considered to have failed and is handled + according to its restartPolicy. The name for + an init container or normal container must + be unique among all containers. Init containers + may not have Lifecycle actions, Readiness + probes, or Liveness probes. The resourceRequirements + of an init container are taken into account + during scheduling by finding the highest request/limit + for each resource type, and then using the + max of of that value or the sum of the normal + containers. Limits are applied to init containers + in a similar fashion. Init containers cannot + currently be added or removed. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' + items: + description: A single application container + that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. + The container image''s CMD is used if + this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be + resolved, the reference in the input + string will be unchanged. Double $$ + are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the + string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless + of whether the variable exists or not. + Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: 'Entrypoint array. Not executed + within a shell. The container image''s + ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are + expanded using the container''s environment. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. Double $$ are reduced to + a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: List of environment variables + to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment + variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references + $(VAR_NAME) are expanded using + the previously defined environment + variables in the container and + any service environment variables. + If a variable cannot be resolved, + the reference in the input string + will be unchanged. Double $$ are + reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". + Escaped references will never + be expanded, regardless of whether + the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. 
Cannot be used + if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of + a ConfigMap. + properties: + key: + description: The key to + select. + type: string + name: + default: "" + description: 'Name of the + referent. This field is + effectively required, + but due to backwards compatibility + is allowed to be empty. + Instances of this type + with an empty value here + are almost certainly wrong. + TODO: Add other useful + fields. apiVersion, kind, + uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether + the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field + of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource + of the container: only resources + limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory + and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the + output format of the exposed + resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of + a secret in the pod's namespace + properties: + key: + description: The key of + the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: 'Name of the + referent. This field is + effectively required, + but due to backwards compatibility + is allowed to be empty. + Instances of this type + with an empty value here + are almost certainly wrong. + TODO: Add other useful + fields. apiVersion, kind, + uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether + the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: List of sources to populate + environment variables in the container. + The keys defined within a source must + be a C_IDENTIFIER. All invalid keys + will be reported as an event when the + container is starting. When a key exists + in multiple sources, the value associated + with the last source will take precedence. 
+ Values defined by an Env with a duplicate + key will take precedence. Cannot be + updated. + items: + description: EnvFromSource represents + the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select + from + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether + the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier + to prepend to each key in the + ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select + from + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether + the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: 'Container image name. 
More + info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher + level config management to default or + override container images in workload + controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of + Always, Never, IfNotPresent. Defaults + to Always if :latest tag is specified, + or IfNotPresent otherwise. Cannot be + updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management + system should take in response to container + lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called + immediately after a container is + created. If the handler fails, the + container is terminated and restarted + according to its restart policy. + Other management of the container + blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the + action to take. + properties: + command: + description: Command is the + command line to execute + inside the container, the + working directory for the + command is root ('/') in + the container's filesystem. + The command is simply exec'd, + it is not run inside a shell, + so traditional shell instructions + ('|', etc) won't work. To + use a shell, you need to + explicitly call out to that + shell. Exit status of 0 + is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies + the http request to perform. + properties: + host: + description: Host name to + connect to, defaults to + the pod IP. You probably + want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers + to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader + describes a custom header + to be used in HTTP probes + properties: + name: + description: The header + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. + type: string + value: + description: The header + field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access + on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number + of the port to access on + the container. Number must + be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use + for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: Deprecated. TCPSocket + is NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this + field and lifecycle hooks will + fail in runtime when tcp handler + is specified. + properties: + host: + description: 'Optional: Host + name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name + of the port to access on + the container. Number must + be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately + before a container is terminated + due to an API request or management + event such as liveness/startup probe + failure, preemption, resource contention, + etc. The handler is not called if + the container crashes or exits. + The Pod''s termination grace period + countdown begins before the PreStop + hook is executed. Regardless of + the outcome of the handler, the + container will eventually terminate + within the Pod''s termination grace + period (unless delayed by finalizers). + Other management of the container + blocks until the hook completes + or until the termination grace period + is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the + action to take. + properties: + command: + description: Command is the + command line to execute + inside the container, the + working directory for the + command is root ('/') in + the container's filesystem. + The command is simply exec'd, + it is not run inside a shell, + so traditional shell instructions + ('|', etc) won't work. To + use a shell, you need to + explicitly call out to that + shell. Exit status of 0 + is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies + the http request to perform. + properties: + host: + description: Host name to + connect to, defaults to + the pod IP. You probably + want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers + to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader + describes a custom header + to be used in HTTP probes + properties: + name: + description: The header + field name. 
This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. + type: string + value: + description: The header + field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access + on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number + of the port to access on + the container. Number must + be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use + for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents + the duration that the container + should sleep before being terminated. + properties: + seconds: + description: Seconds is the + number of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: Deprecated. TCPSocket + is NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this + field and lifecycle hooks will + fail in runtime when tcp handler + is specified. + properties: + host: + description: 'Optional: Host + name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name + of the port to access on + the container. Number must + be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container + liveness. Container will be restarted + if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action + to take. 
+ properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the + command is root ('/') in the + container's filesystem. The + command is simply exec'd, it + is not run inside a shell, so + traditional shell instructions + ('|', etc) won't work. To use + a shell, you need to explicitly + call out to that shell. Exit + status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed + after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action + involving a GRPC port. + properties: + port: + description: Port number of the + gRPC service. Number must be + in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name + of the service to place in the + gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, + the default behavior is defined + by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the + http request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. + You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to + set in the request. HTTP allows + repeated headers. + items: + description: HTTPHeader describes + a custom header to be used + in HTTP probes + properties: + name: + description: The header + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. 
+ type: string + value: + description: The header + field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on + the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of + the port to access on the container. + Number must be in the range + 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for + connecting to the host. Defaults + to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after + the container has started before + liveness probes are initiated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) + to perform the probe. Default to + 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to + 1. Must be 1 for liveness and startup. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an + action involving a TCP port. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of + the port to access on the container. + Number must be in the range + 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in + seconds the pod needs to terminate + gracefully upon probe failure. 
The + grace period is the duration in + seconds after the processes running + in the pod are sent a termination + signal and the time when the processes + are forcibly halted with a kill + signal. Set this value longer than + the expected cleanup time for your + process. If this value is nil, the + pod's terminationGracePeriodSeconds + will be used. Otherwise, this value + overrides the value provided by + the pod spec. Value must be non-negative + integer. The value zero indicates + stop immediately via the kill signal + (no opportunity to shut down). This + is a beta field and requires enabling + ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after + which the probe times out. Defaults + to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified + as a DNS_LABEL. Each container in a + pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string - type: array - path: - description: 'path is Optional: Used as - the mounted root, rather than the full - Ceph tree, default is /' - type: string - readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'secretFile is Optional: SecretFile - is the path to key ring for User, default - is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'secretRef is Optional: SecretRef - is reference to the authentication secret - for User, default is empty. 
More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is optional: User is - the rados user name, default is admin - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'cinder represents a cinder volume - attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'secretRef is optional: points - to a secret object containing parameters - used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: 'volumeID used to identify - the volume in cinder. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap - that should populate this volume - properties: - defaultMode: - description: 'defaultMode is optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' - format: int32 - type: integer - items: - description: items if unspecified, each - key-value pair in the Data field of the - referenced ConfigMap will be projected - into the volume as a file whose name is - the key and content is the value. If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the ConfigMap, - the volume setup will error unless it - is marked optional. Paths must be relative - and may not contain the '..' path or start - with '..'. - items: - description: Maps a string key to a path - within a volume. + ports: + description: List of ports to expose from + the container. Not specifying a port + here DOES NOT prevent that port from + being exposed. Any port which is listening + on the default "0.0.0.0" address inside + a container will be accessible from + the network. Modifying this array with + strategic merge patch may corrupt the + data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents + a network port in a single container. 
+ properties: + containerPort: + description: Number of port to expose + on the pod's IP address. This + must be a valid port number, 0 + < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind + the external port to. + type: string + hostPort: + description: Number of port to expose + on the host. If specified, this + must be a valid port number, 0 + < x < 65536. If HostNetwork is + specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this + must be an IANA_SVC_NAME and unique + within the pod. Each named port + in a pod must have a unique name. + Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. + Must be UDP, TCP, or SCTP. Defaults + to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container + service readiness. Container will be + removed from service endpoints if the + probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the + command is root ('/') in the + container's filesystem. The + command is simply exec'd, it + is not run inside a shell, so + traditional shell instructions + ('|', etc) won't work. To use + a shell, you need to explicitly + call out to that shell. Exit + status of 0 is treated as live/healthy + and non-zero is unhealthy. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed + after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action + involving a GRPC port. + properties: + port: + description: Port number of the + gRPC service. Number must be + in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name + of the service to place in the + gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, + the default behavior is defined + by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the + http request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. + You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to + set in the request. HTTP allows + repeated headers. + items: + description: HTTPHeader describes + a custom header to be used + in HTTP probes + properties: + name: + description: The header + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. + type: string + value: + description: The header + field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on + the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of + the port to access on the container. + Number must be in the range + 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for + connecting to the host. Defaults + to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after + the container has started before + liveness probes are initiated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) + to perform the probe. Default to + 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to + 1. Must be 1 for liveness and startup. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an + action involving a TCP port. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of + the port to access on the container. + Number must be in the range + 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in + seconds the pod needs to terminate + gracefully upon probe failure. The + grace period is the duration in + seconds after the processes running + in the pod are sent a termination + signal and the time when the processes + are forcibly halted with a kill + signal. Set this value longer than + the expected cleanup time for your + process. If this value is nil, the + pod's terminationGracePeriodSeconds + will be used. Otherwise, this value + overrides the value provided by + the pod spec. Value must be non-negative + integer. The value zero indicates + stop immediately via the kill signal + (no opportunity to shut down). This + is a beta field and requires enabling + ProbeTerminationGracePeriod feature + gate. Minimum value is 1. 
spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after + which the probe times out. Defaults + to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for + the container. + items: + description: ContainerResizePolicy represents + resource resize policy for the container. + properties: + resourceName: + description: 'Name of the resource + to which this resource resize + policy applies. Supported values: + cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply + when specified resource is resized. + If not specified, it defaults + to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: 'Compute Resources required + by this container. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names + of resources, defined in spec.resourceClaims, + that are used by this container. + \n This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match + the name of one entry in pod.spec.resourceClaims + of the Pod where this field + is used. It makes that resource + available inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the + maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted + for a container, it defaults to + Limits if that is explicitly specified, + otherwise to an implementation-defined + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + restartPolicy: + description: 'RestartPolicy defines the + restart behavior of individual containers + in a pod. This field may only be set + for init containers, and the only allowed + value is "Always". For non-init containers + or when this field is not specified, + the restart behavior is defined by the + Pod''s restart policy and the container + type. Setting the RestartPolicy as "Always" + for the init container will have the + following effect: this init container + will be continually restarted on exit + until all regular containers have terminated. + Once all regular containers have completed, + all init containers with restartPolicy + "Always" will be shut down. This lifecycle + differs from normal init containers + and is often referred to as a "sidecar" + container. 
Although this init container + still starts in the init container sequence, + it does not wait for the container to + complete before proceeding to the next + init container. Instead, the next init + container starts immediately after this + init container is started, or after + any startupProbe has successfully completed.' + type: string + securityContext: + description: 'SecurityContext defines + the security options the container should + be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation + controls whether a process can gain + more privileges than its parent + process. This bool directly controls + if the no_new_privs flag will be + set on the container process. AllowPrivilegeEscalation + is true always when the container + is: 1) run as Privileged 2) has + CAP_SYS_ADMIN Note that this field + cannot be set when spec.os.name + is windows.' + type: boolean + appArmorProfile: + description: appArmorProfile is the + AppArmor options to use by this + container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set + when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile + indicates a profile loaded on + the node that should be used. + The profile must be preconfigured + on the node to work. Must match + the loaded name of the profile. + Must be set if and only if type + is "Localhost". + type: string + type: + description: 'type indicates which + kind of AppArmor profile will + be applied. Valid options are: + Localhost - a profile pre-loaded + on the node. RuntimeDefault + - the container runtime''s default + profile. Unconfined - no AppArmor + enforcement.' 
+ type: string + required: + - type + type: object + capabilities: + description: The capabilities to add/drop + when running containers. Defaults + to the default set of capabilities + granted by the container runtime. + Note that this field cannot be set + when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: Run container in privileged + mode. Processes in privileged containers + are essentially equivalent to root + on the host. Defaults to false. + Note that this field cannot be set + when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the + type of proc mount to use for the + containers. The default is DefaultProcMount + which uses the container runtime + defaults for readonly paths and + masked paths. This requires the + ProcMountType feature flag to be + enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container + has a read-only root filesystem. + Default is false. Note that this + field cannot be set when spec.os.name + is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint + of the container process. Uses runtime + default if unset. May also be set + in PodSecurityContext. If set in + both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. Note that this + field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container + must run as a non-root user. 
If + true, the Kubelet will validate + the image at runtime to ensure that + it does not run as UID 0 (root) + and fail to start the container + if it does. If unset or false, no + such validation will be performed. + May also be set in PodSecurityContext. If + set in both SecurityContext and + PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint + of the container process. Defaults + to user specified in image metadata + if unspecified. May also be set + in PodSecurityContext. If set in + both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. Note that this + field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to + be applied to the container. If + unspecified, the container runtime + will allocate a random SELinux context + for each container. May also be + set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. Note that this + field cannot be set when spec.os.name + is windows. + properties: + level: + description: Level is SELinux + level label that applies to + the container. + type: string + role: + description: Role is a SELinux + role label that applies to the + container. + type: string + type: + description: Type is a SELinux + type label that applies to the + container. + type: string + user: + description: User is a SELinux + user label that applies to the + container. + type: string + type: object + seccompProfile: + description: The seccomp options to + use by this container. If seccomp + options are provided at both the + pod & container level, the container + options override the pod options. + Note that this field cannot be set + when spec.os.name is windows. 
+ properties: + localhostProfile: + description: localhostProfile + indicates a profile defined + in a file on the node should + be used. The profile must be + preconfigured on the node to + work. Must be a descending path, + relative to the kubelet's configured + seccomp profile location. Must + be set if type is "Localhost". + Must NOT be set for any other + type. + type: string + type: + description: "type indicates which + kind of seccomp profile will + be applied. Valid options are: + \n Localhost - a profile defined + in a file on the node should + be used. RuntimeDefault - the + container runtime default profile + should be used. Unconfined - + no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific + settings applied to all containers. + If unspecified, the options from + the PodSecurityContext will be used. + If set in both SecurityContext and + PodSecurityContext, the value specified + in SecurityContext takes precedence. + Note that this field cannot be set + when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec + is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the + GMSA credential spec named by + the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName + is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: HostProcess determines + if a container should be run + as a 'Host Process' container. + All of a Pod's containers must + have the same effective HostProcess + value (it is not allowed to + have a mix of HostProcess containers + and non-HostProcess containers). + In addition, if HostProcess + is true then HostNetwork must + also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows + to run the entrypoint of the + container process. 
Defaults + to the user specified in image + metadata if unspecified. May + also be set in PodSecurityContext. + If set in both SecurityContext + and PodSecurityContext, the + value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that + the Pod has successfully initialized. + If specified, no other probes are executed + until this completes successfully. If + this probe fails, the Pod will be restarted, + just as if the livenessProbe failed. + This can be used to provide different + probe parameters at the beginning of + a Pod''s lifecycle, when it might take + a long time to load data or warm a cache, + than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode - bits used to set permissions on - this file. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' + exec: + description: Exec specifies the action + to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the + command is root ('/') in the + container's filesystem. The + command is simply exec'd, it + is not run inside a shell, so + traditional shell instructions + ('|', etc) won't work. To use + a shell, you need to explicitly + call out to that shell. Exit + status of 0 is treated as live/healthy + and non-zero is unhealthy. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed + after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer - path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: optional specify whether the - ConfigMap or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) - represents ephemeral storage that is handled - by certain external CSI drivers (Beta feature). - properties: - driver: - description: driver is the name of the CSI - driver that handles this volume. Consult - with your admin for the correct name as - registered in the cluster. - type: string - fsType: - description: fsType to mount. Ex. "ext4", - "xfs", "ntfs". If not provided, the empty - value is passed to the associated CSI - driver which will determine the default - filesystem to apply. - type: string - nodePublishSecretRef: - description: nodePublishSecretRef is a reference - to the secret object containing sensitive - information to pass to the CSI driver - to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field - is optional, and may be empty if no secret - is required. If the secret object contains - more than one secret, all secret references - are passed. - properties: - name: - description: 'Name of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: readOnly specifies a read-only - configuration for the volume. Defaults - to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: volumeAttributes stores driver-specific - properties that are passed to the CSI - driver. Consult your driver's documentation - for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward - API about the pod that should populate this - volume - properties: - defaultMode: - description: 'Optional: mode bits to use - on created files by default. Must be a - Optional: mode bits used to set permissions - on created files by default. Must be an - octal value between 0000 and 0777 or a - decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. Defaults to 0644. Directories within - the path are not affected by this setting. - This might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set.' - format: int32 - type: integer - items: - description: Items is a list of downward - API volume file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a - field of the pod: only annotations, - labels, name and namespace are supported.' + grpc: + description: GRPC specifies an action + involving a GRPC port. properties: - apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". + port: + description: Port number of the + gRPC service. Number must be + in the range 1 to 65535. 
+ format: int32 + type: integer + service: + description: "Service is the name + of the service to place in the + gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, + the default behavior is defined + by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the + http request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. + You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to + set in the request. HTTP allows + repeated headers. + items: + description: HTTPHeader describes + a custom header to be used + in HTTP probes + properties: + name: + description: The header + field name. This will + be canonicalized upon + output, so case-variant + names will be understood + as the same header. + type: string + value: + description: The header + field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on + the HTTP server. type: string - fieldPath: - description: Path of the field - to select in the specified API - version. + port: + anyOf: + - type: integer + - type: string + description: Name or number of + the port to access on the container. + Number must be in the range + 1 to 65535. Name must be an + IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for + connecting to the host. Defaults + to HTTP. type: string required: - - fieldPath + - port type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits - used to set permissions on this - file, must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. 
If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' + initialDelaySeconds: + description: 'Number of seconds after + the container has started before + liveness probes are initiated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer - path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute - or contain the ''..'' path. Must - be utf-8 encoded. The first item - of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' + periodSeconds: + description: How often (in seconds) + to perform the probe. Default to + 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to + 1. Must be 1 for liveness and startup. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an + action involving a TCP port. properties: - containerName: - description: 'Container name: - required for volumes, optional - for env vars' + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' type: string - divisor: + port: anyOf: - type: integer - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + description: Number or name of + the port to access on the container. + Number must be in the range + 1 to 65535. 
Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string required: - - resource + - port type: object - x-kubernetes-map-type: atomic - required: - - path + terminationGracePeriodSeconds: + description: Optional duration in + seconds the pod needs to terminate + gracefully upon probe failure. The + grace period is the duration in + seconds after the processes running + in the pod are sent a termination + signal and the time when the processes + are forcibly halted with a kill + signal. Set this value longer than + the expected cleanup time for your + process. If this value is nil, the + pod's terminationGracePeriodSeconds + will be used. Otherwise, this value + overrides the value provided by + the pod spec. Value must be non-negative + integer. The value zero indicates + stop immediately via the kill signal + (no opportunity to shut down). This + is a beta field and requires enabling + ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after + which the probe times out. Defaults + to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer type: object - type: array - type: object - emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'medium represents what type - of storage medium should back this directory. - The default is "" which means to use the - node''s default medium. Must be an empty - string (default) or Memory. 
More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: 'sizeLimit is the total amount - of local storage required for this EmptyDir - volume. The size limit is also applicable - for memory medium. The maximum usage on - memory medium EmptyDir would be the minimum - value between the SizeLimit specified - here and the sum of memory limits of all - containers in a pod. The default is nil - which means that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: "ephemeral represents a volume - that is handled by a cluster storage driver. - The volume's lifecycle is tied to the pod - that defines it - it will be created before - the pod starts, and deleted when the pod is - removed. \n Use this if: a) the volume is - only needed while the pod runs, b) features - of normal volumes like restoring from snapshot - or capacity tracking are needed, c) the storage - driver is specified through a storage class, - and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information - on the connection between this volume type - and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes - that persist for longer than the lifecycle - of an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation - of the driver for more information. \n A pod - can use both types of ephemeral volumes and - persistent volumes at the same time." 
- properties: - volumeClaimTemplate: - description: "Will be used to create a stand-alone - PVC to provision the volume. The pod in - which this EphemeralVolumeSource is embedded - will be the owner of the PVC, i.e. the - PVC will be deleted together with the - pod. The name of the PVC will be `-` where `` - is the name from the `PodSpec.Volumes` - array entry. Pod validation will reject - the pod if the concatenated name is not - valid for a PVC (for example, too long). - \n An existing PVC with that name that - is not owned by the pod will *not* be - used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is - then blocked until the unrelated PVC is - removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has - to updated with an owner reference to - the pod once the pod exists. Normally - this should not be necessary, but it may - be useful when manually reconstructing - a broken cluster. \n This field is read-only - and no changes will be made by Kubernetes - to the PVC after it has been created. - \n Required, must not be nil." - properties: - metadata: - description: May contain labels and - annotations that will be copied into - the PVC when creating it. No other - fields are allowed and will be rejected - during validation. + stdin: + description: Whether this container should + allocate a buffer for stdin in the container + runtime. If this is not set, reads from + stdin in the container will always result + in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime + should close the stdin channel after + it has been opened by a single attach. + When stdin is true the stdin stream + will remain open across multiple attach + sessions. 
If stdinOnce is set to true, + stdin is opened on container start, + is empty until the first client attaches + to stdin, and then remains open and + accepts data until the client disconnects, + at which time stdin is closed and remains + closed until the container is restarted. + If this flag is false, a container processes + that reads from stdin will never receive + an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which + the file to which the container''s termination + message will be written is mounted into + the container''s filesystem. Message + written is intended to be brief final + status, such as an assertion failure + message. Will be truncated by the node + if greater than 4096 bytes. The total + message length across all containers + will be limited to 12kb. Defaults to + /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination + message should be populated. File will + use the contents of terminationMessagePath + to populate the container status message + on both success and failure. FallbackToLogsOnError + will use the last chunk of container + log output if the termination message + file is empty and the container exited + with an error. The log output is limited + to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. Cannot + be updated. + type: string + tty: + description: Whether this container should + allocate a TTY for itself, also requires + 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list + of block devices to be used by the container. + items: + description: volumeDevice describes + a mapping of a raw block device within + a container. 
properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an - unstructured key value map stored - with a resource that may be set - by external tools to store and - retrieve arbitrary metadata. They - are not queryable and should be - preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - generateName: - description: "GenerateName is an - optional prefix, used by the server, - to generate a unique name ONLY - IF the Name field has not been - provided. If this field is used, - the name returned to the client - will be different than the name - passed. This value will also be - combined with a unique suffix. - The provided value has the same - validation rules as the Name field, - and may be truncated by the length - of the suffix required to make - the value unique on the server. - \n If this field is specified - and the generated name exists, - the server will NOT return a 409 - - instead, it will either return - 201 Created or 500 with Reason - ServerTimeout indicating a unique - name could not be found in the - time allotted, and the client - should retry (optionally after - the time indicated in the Retry-After - header). \n Applied only if Name - is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + devicePath: + description: devicePath is the path + inside of the container that the + device will be mapped to. type: string - labels: - additionalProperties: - type: string - description: 'Map of string keys - and values that can be used to - organize and categorize (scope - and select) objects. May match - selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object name: - description: 'Name must be unique - within a namespace. 
Is required - when creating resources, although - some resources may allow a client - to request the generation of an - appropriate name automatically. - Name is primarily intended for - creation idempotence and configuration - definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + description: name must match the + name of a persistentVolumeClaim + in the pod type: string - namespace: - description: "Namespace defines - the space within each name must - be unique. An empty namespace - is equivalent to the \"default\" - namespace, but \"default\" is - the canonical representation. - Not all objects are required to - be scoped to a namespace - the - value of this field for those - objects will be empty. \n Must - be a DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: Pod volumes to mount into + the container's filesystem. Cannot be + updated. + items: + description: VolumeMount describes a + mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container + at which the volume should be + mounted. Must not contain ':'. type: string - ownerReferences: - description: List of objects depended - by this object. If ALL objects - in the list have been deleted, - this object will be garbage collected. - If this object is managed by a - controller, then an entry in this - list will point to this controller, - with the controller field set - to true. There cannot be more - than one managing controller. - items: - description: OwnerReference contains - enough information to let you - identify an owning object. An - owning object must be in the - same namespace as the dependent, - or be cluster-scoped, so there - is no namespace field. 
- properties: - apiVersion: - description: API version of - the referent. - type: string - blockOwnerDeletion: - description: If true, AND - if the owner has the "foregroundDeletion" - finalizer, then the owner - cannot be deleted from the - key-value store until this - reference is removed. See - https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector - interacts with this field - and enforces the foreground - deletion. Defaults to false. - To set this field, a user - needs "delete" permission - of the owner, otherwise - 422 (Unprocessable Entity) - will be returned. - type: boolean - controller: - description: If true, this - reference points to the - managing controller. - type: boolean - kind: - description: 'Kind of the - referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' - type: string - uid: - description: 'UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - x-kubernetes-map-type: atomic - type: array + mountPropagation: + description: mountPropagation determines + how mounts are propagated from + the host to container and the + other way around. When not set, + MountPropagationNone is used. + This field is beta in 1.10. When + RecursiveReadOnly is set to IfPossible + or to Enabled, MountPropagation + must be None or unspecified (which + defaults to None). + type: string + name: + description: This must match the + Name of a Volume. + type: string + readOnly: + description: Mounted read-only if + true, read-write otherwise (false + or unspecified). Defaults to false. 
+ type: boolean + recursiveReadOnly: + description: "RecursiveReadOnly + specifies whether read-only mounts + should be handled recursively. + \n If ReadOnly is false, this + field has no meaning and must + be unspecified. \n If ReadOnly + is true, and this field is set + to Disabled, the mount is not + made recursively read-only. If + this field is set to IfPossible, + the mount is made recursively + read-only, if it is supported + by the container runtime. If + this field is set to Enabled, + the mount is made recursively + read-only if it is supported by + the container runtime, otherwise + the pod will not be started and + an error will be generated to + indicate the reason. \n If this + field is set to IfPossible or + Enabled, MountPropagation must + be set to None (or be unspecified, + which defaults to None). \n If + this field is not specified, it + is treated as an equivalent of + Disabled." + type: string + subPath: + description: Path within the volume + from which the container's volume + should be mounted. Defaults to + "" (volume's root). + type: string + subPathExpr: + description: Expanded path within + the volume from which the container's + volume should be mounted. Behaves + similarly to SubPath but environment + variable references $(VAR_NAME) + are expanded using the container's + environment. Defaults to "" (volume's + root). SubPathExpr and SubPath + are mutually exclusive. + type: string + required: + - mountPath + - name type: object - spec: - description: The specification for the - PersistentVolumeClaim. The entire - content is copied unchanged into the - PVC that gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. - properties: - accessModes: - description: 'accessModes contains - the desired access modes the volume - should have. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can - be used to specify either: * An - existing VolumeSnapshot object - (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified - data source, it will create a - new volume based on the contents - of the specified data source. - When the AnyVolumeDataSource feature - gate is enabled, dataSource contents - will be copied to dataSourceRef, - and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace - is specified, then dataSourceRef - will not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup is - not specified, the specified - Kind must be in the core API - group. For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the type - of resource being referenced - type: string - name: - description: Name is the name - of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate - the volume with data, if a non-empty - volume is desired. This may be - any object from a non-empty API - group (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed - if the type of the specified object - matches some installed volume - populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as - such if both fields are non-empty, - they must have the same value. 
- For backwards compatibility, when - namespace isn''t specified in - dataSourceRef, both fields (dataSource - and dataSourceRef) will be set - to the same value automatically - if one of them is empty and the - other is non-empty. When namespace - is specified in dataSourceRef, - dataSource isn''t set to the same - value and must be empty. There - are three important differences - between dataSource and dataSourceRef: - * While dataSource only allows - two specific types of objects, - dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While dataSource ignores - disallowed values (dropping them), - dataSourceRef preserves all values, - and generates an error if a disallowed - value is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' - properties: - apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup is - not specified, the specified - Kind must be in the core API - group. For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the type - of resource being referenced - type: string - name: - description: Name is the name - of resource being referenced - type: string - namespace: - description: Namespace is the - namespace of resource being - referenced Note that when - a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant - object is required in the - referent namespace to allow - that namespace's owner to - accept the reference. See - the ReferenceGrant documentation - for details. (Alpha) This - field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. 
- type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents - the minimum resources the volume - should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed - to specify resource requirements - that are lower than previous value - but must still be higher than - capacity recorded in the status - field of the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label - query over volumes to consider - for binding. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. 
- properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: Container's working directory. + If not specified, the container runtime's + default will be used, which might be + configured in the container image. Cannot + be updated. + type: string + required: + - name + type: object + type: array + lifecycle: + description: Actions that the management system + should take in response to container lifecycle + events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately + after a container is created. If the handler + fails, the container is terminated and + restarted according to its restart policy. + Other management of the container blocks + until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the + command is root ('/') in the + container's filesystem. The command + is simply exec'd, it is not run + inside a shell, so traditional + shell instructions ('|', etc) + won't work. 
To use a shell, you + need to explicitly call out to + that shell. Exit status of 0 is + treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is - the name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. type: string - volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create or - update the volume with the attributes - defined in the corresponding VolumeAttributesClass. 
- This has a different purpose than - storageClassName, it can be changed - after the claim is created. An - empty string value means that - no VolumeAttributesClass will - be applied to the claim but it''s - not allowed to reset this field - to empty string once it is set. - If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. If the - resource referred to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending state, - as reflected by the modifyVolumeStatus - field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires - the VolumeAttributesClass feature - gate to be enabled.' + port: + anyOf: + - type: integer + - type: string + description: Name or number of the + port to access on the container. + Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the + port to access on the container. 
+ Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately + before a container is terminated due to + an API request or management event such + as liveness/startup probe failure, preemption, + resource contention, etc. The handler + is not called if the container crashes + or exits. The Pod''s termination grace + period countdown begins before the PreStop + hook is executed. Regardless of the outcome + of the handler, the container will eventually + terminate within the Pod''s termination + grace period (unless delayed by finalizers). + Other management of the container blocks + until the hook completes or until the + termination grace period is reached. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action + to take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the + command is root ('/') in the + container's filesystem. The command + is simply exec'd, it is not run + inside a shell, so traditional + shell instructions ('|', etc) + won't work. To use a shell, you + need to explicitly call out to + that shell. Exit status of 0 is + treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. 
+ items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name. This will be canonicalized + upon output, so case-variant + names will be understood + as the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the + HTTP server. type: string - volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included in - claim spec. + port: + anyOf: + - type: integer + - type: string + description: Name or number of the + port to access on the container. + Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. type: string - volumeName: - description: volumeName is the binding - reference to the PersistentVolume - backing this claim. + required: + - port + type: object + sleep: + description: Sleep represents the duration + that the container should sleep before + being terminated. + properties: + seconds: + description: Seconds is the number + of seconds to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the + port to access on the container. + Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. + Controllers may set default LivenessProbe + if no liveness probe is provided. To ignore + defaulting, set the value to empty LivenessProbe + "{}". Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to + take. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed + after having succeeded. Defaults to 3. + Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC + service. Number must be in the range + 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of + the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. 
You probably + want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: The header field + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number + must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness + probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum + value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number + must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully + upon probe failure. The grace period is + the duration in seconds after the processes + running in the pod are sent a termination + signal and the time when the processes + are forcibly halted with a kill signal. + Set this value longer than the expected + cleanup time for your process. If this + value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which + must be true for the pod to fit on a node. + Selector which must match a node''s labels + for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + x-kubernetes-map-type: atomic + podPlacementPolicy: + description: PodPlacementPolicy is the reference + of the podPlacementPolicy + properties: + name: + default: "" + description: 'Name of the referent. 
This + field is effectively required, but due + to backwards compatibility is allowed + to be empty. Instances of this type with + an empty value here are almost certainly + wrong. TODO: Add other useful fields. + apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when + controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + priority: + description: The priority value. Various system + components use this field to find the priority + of the pod. When Priority Admission Controller + is enabled, it prevents users from setting + this field. The admission controller populates + this field from PriorityClassName. The higher + the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: If specified, indicates the pod's + priority. "system-node-critical" and "system-cluster-critical" + are two special keywords which indicate the + highest priorities with the former being the + highest priority. Any other name must be defined + by creating a PriorityClass object with that + name. If not specified, the pod priority will + be default or zero if there is no default. + type: string + readinessProbe: + description: 'Periodic probe of container service + readiness. Container will be removed from + service endpoints if the probe fails. Cannot + be updated. Controllers may set default ReadinessProbe + if no readyness probe is provided. To ignore + defaulting, set the value to empty ReadynessProbe + "{}". More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to + take. 
+ properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed + after having succeeded. Defaults to 3. + Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC + service. Number must be in the range + 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of + the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http + request to perform. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: The header field + name. This will be canonicalized + upon output, so case-variant + names will be understood as + the same header. 
+ type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number + must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness + probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum + value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action + involving a TCP port. + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number + must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully + upon probe failure. 
The grace period is + the duration in seconds after the processes + running in the pod are sent a termination + signal and the time when the processes + are forcibly halted with a kill signal. + Set this value longer than the expected + cleanup time for your process. If this + value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by the + sidecar container. + properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n This + is an alpha field and requires enabling + the DynamicResourceAllocation feature + gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass + object in the node.k8s.io group, which should + be used to run this pod. If no RuntimeClass + resource matches the named class, the pod + will not be run. If unset or empty, the "legacy" + RuntimeClass will be used, which is an implicit + class with an empty definition that uses the + default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' + type: string + schedulerName: + description: If specified, the pod will be dispatched + by specified scheduler. If not specified, + the pod will be dispatched by default scheduler. + type: string + securityContext: + description: 'SecurityContext holds pod-level + security attributes and common container settings. 
+ Optional: Defaults to empty. See type description + for default values of each field.' + properties: + appArmorProfile: + description: appArmorProfile is the AppArmor + options to use by the containers in this + pod. Note that this field cannot be set + when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates + a profile loaded on the node that + should be used. The profile must be + preconfigured on the node to work. + Must match the loaded name of the + profile. Must be set if and only if + type is "Localhost". + type: string + type: + description: 'type indicates which kind + of AppArmor profile will be applied. + Valid options are: Localhost - a profile + pre-loaded on the node. RuntimeDefault + - the container runtime''s default + profile. Unconfined - no AppArmor + enforcement.' + type: string required: - - spec + - type + type: object + fsGroup: + description: "A special supplemental group + that applies to all containers in a pod. + Some volume types allow the Kubelet to + change the ownership of that volume to + be owned by the pod: \n 1. The owning + GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume + will be owned by FSGroup) 3. The permission + bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership + and permissions of any volume. Note that + this field cannot be set when spec.os.name + is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines + behavior of changing ownership and permission + of the volume before being exposed inside + Pod. This field will only apply to volume + types which support fsGroup based ownership(and + permissions). It will have no effect on + ephemeral volume types such as: secret, + configmaps and emptydir. Valid values + are "OnRootMismatch" and "Always". If + not specified, "Always" is used. 
Note + that this field cannot be set when spec.os.name + is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint + of the container process. Uses runtime + default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence for that container. Note + that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container + must run as a non-root user. If true, + the Kubelet will validate the image at + runtime to ensure that it does not run + as UID 0 (root) and fail to start the + container if it does. If unset or false, + no such validation will be performed. + May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint + of the container process. Defaults to + user specified in image metadata if unspecified. + May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence for that container. Note + that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied + to all containers. If unspecified, the + container runtime will allocate a random + SELinux context for each container. May + also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence for that container. Note + that this field cannot be set when spec.os.name + is windows. + properties: + level: + description: Level is SELinux level + label that applies to the container. 
+ type: string + role: + description: Role is a SELinux role + label that applies to the container. + type: string + type: + description: Type is a SELinux type + label that applies to the container. + type: string + user: + description: User is a SELinux user + label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use + by the containers in this pod. Note that + this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates + a profile defined in a file on the + node should be used. The profile must + be preconfigured on the node to work. + Must be a descending path, relative + to the kubelet's configured seccomp + profile location. Must be set if type + is "Localhost". Must NOT be set for + any other type. + type: string + type: + description: "type indicates which kind + of seccomp profile will be applied. + Valid options are: \n Localhost - + a profile defined in a file on the + node should be used. RuntimeDefault + - the container runtime default profile + should be used. Unconfined - no profile + should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to + the first process run in each container, + in addition to the container's primary + GID, the fsGroup (if specified), and group + memberships defined in the container image + for the uid of the container process. + If unspecified, no additional groups are + added to any container. Note that group + memberships defined in the container image + for the uid of the container process are + still effective, even if they are not + included in this list. Note that this + field cannot be set when spec.os.name + is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + sysctls: + description: Sysctls hold a list of namespaced + sysctls used for the pod. 
Pods with unsupported + sysctls (by the container runtime) might + fail to launch. Note that this field cannot + be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to + set + type: string + value: + description: Value of a property to + set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: The Windows specific settings + applied to all containers. If unspecified, + the options within a container's SecurityContext + will be used. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where + the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName + is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: HostProcess determines + if a container should be run as a + 'Host Process' container. All of a + Pod's containers must have the same + effective HostProcess value (it is + not allowed to have a mix of HostProcess + containers and non-HostProcess containers). + In addition, if HostProcess is true + then HostNetwork must also be set + to true. + type: boolean + runAsUserName: + description: The UserName in Windows + to run the entrypoint of the container + process. Defaults to the user specified + in image metadata if unspecified. + May also be set in PodSecurityContext. + If set in both SecurityContext and + PodSecurityContext, the value specified + in SecurityContext takes precedence. 
+ type: string type: object type: object - fc: - description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine - and then exposed to the pod. - properties: - fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. TODO: how do - we prevent errors in the filesystem from - compromising the machine' - type: string - lun: - description: 'lun is Optional: FC target - lun number' - format: int32 - type: integer - readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC - target worldwide names (WWNs)' - items: + serviceAccountName: + description: 'ServiceAccountName is the name + of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + shareProcessNamespace: + description: 'Share a single process namespace + between all of the containers in a pod. When + this is set containers will be able to view + and signal processes from other containers + in the same pod, and the first process in + each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both + be set. Optional: Default to false.' + type: boolean + terminationGracePeriodSeconds: + description: Optional duration in seconds the + pod needs to terminate gracefully. May be + decreased in delete request. Value must be + non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). If this value is nil, the default + grace period will be used instead. 
The grace + period is the duration in seconds after the + processes running in the pod are sent a termination + signal and the time when the processes are + forcibly halted with a kill signal. Set this + value longer than the expected cleanup time + for your process. Defaults to 30 seconds. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the + triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match all + taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule + and NoExecute. type: string - type: array - wwids: - description: 'wwids Optional: FC volume - world wide identifiers (wwids) Either - wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' - items: + key: + description: Key is the taint key that + the toleration applies to. Empty means + match all taint keys. If the key is + empty, operator must be Exists; this + combination means to match all values + and all keys. type: string - type: array - type: object - flexVolume: - description: flexVolume represents a generic - volume resource that is provisioned/attached - using an exec based plugin. - properties: - driver: - description: driver is the name of the driver - to use for this volume. - type: string - fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem - depends on FlexVolume script. - type: string - options: - additionalProperties: + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for + value, so that a pod can tolerate all + taints of a particular category. 
type: string - description: 'options is Optional: this - field holds extra command options if any.' - type: object - readOnly: - description: 'readOnly is Optional: defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'secretRef is Optional: secretRef - is reference to the secret object containing - sensitive information to pass to the plugin - scripts. This may be empty if no secret - object is specified. If the secret object - contains more than one secret, all secrets - are passed to the plugin scripts.' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise + this field is ignored) tolerates the + taint. By default, it is not set, which + means tolerate the taint forever (do + not evict). Zero and negative values + will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value + the toleration matches to. If the operator + is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes + how a group of pods ought to spread across + topology domains. Scheduler will schedule + pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies + how to spread matching pods among the given + topology. + properties: + labelSelector: + description: LabelSelector is used to + find matching pods. 
Pods that match + this label selector are counted to determine + the number of pods in their corresponding + topology domain. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set + of pod label keys to select the pods + over which spreading will be calculated. + The keys are used to lookup values from + the incoming pod labels, those key-value + labels are ANDed with labelSelector + to select the group of existing pods + over which spreading will be calculated + for the incoming pod. The same key is + forbidden to exist in both MatchLabelKeys + and LabelSelector. 
MatchLabelKeys cannot + be set when LabelSelector isn't set. + Keys that don't exist in the incoming + pod labels will be ignored. A null or + empty list means only match against + labelSelector. \n This is a beta field + and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled + by default)." + items: type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume - attached to a kubelet's host machine. This - depends on the Flocker control service being - running - properties: - datasetName: - description: datasetName is Name of the - dataset stored as metadata -> name on - the dataset for Flocker should be considered - as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID of - the dataset. This is unique identifier - of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'gcePersistentDisk represents a - GCE Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'fsType is filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount by - volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, - the volume partition for /dev/sda is "0" - (or you can leave the property empty). 
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'pdName is unique name of the - PD resource in GCE. Used to identify the - disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'path is the Glusterfs volume - path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'readOnly here will force the - Glusterfs volume to be mounted with read-only - permissions. Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine that - is directly exposed to the container. This - is generally used for system agents or other - privileged things that are allowed to see - the host machine. Most containers will NOT - need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who - can use host directory mounts and who can/can - not mount host directories as read/write.' - properties: - path: - description: 'path of the directory on the - host. 
If the path is a symlink, it will - follow the link to the real path. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'iscsi represents an ISCSI Disk - resource that is attached to a kubelet''s - host machine and then exposed to the pod. - More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether - support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether - support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - initiatorName: - description: initiatorName is the custom - iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, - new iSCSI interface : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified - Name. - type: string - iscsiInterface: - description: iscsiInterface is the interface - Name that uses an iSCSI transport. Defaults - to 'default' (tcp). - type: string - lun: - description: lun represents iSCSI Target - Lun number. - format: int32 - type: integer - portals: - description: portals is the iSCSI Target - Portal List. The portal is either an IP - or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). 
- items: + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree + to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference + between the number of matching pods + in the target topology and the global + minimum. The global minimum is the minimum + number of matching pods in an eligible + domain or zero if the number of eligible + domains is less than MinDomains. For + example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same + labelSelector spread as 2/2/1: In this + case, the global minimum is 1. | zone1 + | zone2 | zone3 | | P P | P P | P | + - if MaxSkew is 1, incoming pod can + only be scheduled to zone3 to become + 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). - if MaxSkew is + 2, incoming pod can be scheduled onto + any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence + to topologies that satisfy it. It''s + a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum + number of eligible domains. When the + number of eligible domains with matching + topology keys is less than minDomains, + Pod Topology Spread treats \"global + minimum\" as 0, and then the calculation + of Skew is performed. And when the number + of eligible domains with matching topology + keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible + domains is less than minDomains, scheduler + won't schedule more than maxSkew Pods + to those domains. If value is nil, the + constraint behaves as if MinDomains + is equal to 1. Valid values are integers + greater than 0. When value is not nil, + WhenUnsatisfiable must be DoNotSchedule. 
+ \n For example, in a 3-zone cluster, + MaxSkew is set to 2, MinDomains is set + to 5 and pods with the same labelSelector + spread as 2/2/2: | zone1 | zone2 | zone3 + | | P P | P P | P P | The number + of domains is less than 5(MinDomains), + so \"global minimum\" is treated as + 0. In this situation, new pod with the + same labelSelector cannot be scheduled, + because computed skew will be 3(3 - + 0) if new Pod is scheduled to any of + the three zones, it will violate MaxSkew." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates + how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread + skew. Options are: - Honor: only nodes + matching nodeAffinity/nodeSelector are + included in the calculations. - Ignore: + nodeAffinity/nodeSelector are ignored. + All nodes are included in the calculations. + \n If this value is nil, the behavior + is equivalent to the Honor policy. This + is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates + how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along + with tainted nodes for which the incoming + pod has a toleration, are included. + - Ignore: node taints are ignored. All + nodes are included. \n If this value + is nil, the behavior is equivalent to + the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of + node labels. Nodes that have a label + with this key and identical values are + considered to be in the same topology. + We consider each as a "bucket", + and try to put balanced number of pods + into each bucket. We define a domain + as a particular instance of a topology. 
+ Also, we define an eligible domain as + a domain whose nodes meet the requirements + of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates + how to deal with a pod if it doesn''t + satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to + schedule it. - ScheduleAnyway tells + the scheduler to schedule the pod in + any location, but giving higher precedence + to topologies that would help reduce + the skew. A constraint is considered + "Unsatisfiable" for an incoming pod + if and only if every possible node assignment + for that pod would violate "MaxSkew" + on some topology. For example, in a + 3-zone cluster, MaxSkew is set to 1, + and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 + | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) + to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still + be imbalanced, but scheduler won''t + make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: Path within the container + at which the volume should be mounted. Must + not contain ':'. 
+ type: string + mountPropagation: + description: mountPropagation determines + how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is + used. This field is beta in 1.10. When + RecursiveReadOnly is set to IfPossible + or to Enabled, MountPropagation must + be None or unspecified (which defaults + to None). + type: string + name: + description: This must match the Name + of a Volume. + type: string + readOnly: + description: Mounted read-only if true, + read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: "RecursiveReadOnly specifies + whether read-only mounts should be handled + recursively. \n If ReadOnly is false, + this field has no meaning and must be + unspecified. \n If ReadOnly is true, + and this field is set to Disabled, the + mount is not made recursively read-only. + \ If this field is set to IfPossible, + the mount is made recursively read-only, + if it is supported by the container + runtime. If this field is set to Enabled, + the mount is made recursively read-only + if it is supported by the container + runtime, otherwise the pod will not + be started and an error will be generated + to indicate the reason. \n If this field + is set to IfPossible or Enabled, MountPropagation + must be set to None (or be unspecified, + which defaults to None). \n If this + field is not specified, it is treated + as an equivalent of Disabled." + type: string + subPath: + description: Path within the volume from + which the container's volume should + be mounted. Defaults to "" (volume's + root). + type: string + subPathExpr: + description: Expanded path within the + volume from which the container's volume + should be mounted. Behaves similarly + to SubPath but environment variable + references $(VAR_NAME) are expanded + using the container's environment. Defaults + to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. 
+ type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: 'List of volumes that can be mounted + by containers belonging to the pod. More info: + https://kubernetes.io/docs/concepts/storage/volumes' + items: + description: Volume represents a named volume + in a pod that may be accessed by any container + in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents + an AWS Disk resource that is attached + to a kubelet''s host machine and then + exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem + type of the volume that you want + to mount. Tip: Ensure that the filesystem + type is supported by the host operating + system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be + "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in + the filesystem from compromising + the machine' + type: string + partition: + description: 'partition is the partition + in the volume that you want to mount. + If omitted, the default is to mount + by volume name. Examples: For volume + /dev/sda1, you specify the partition + as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can + leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true + will force the readOnly setting + in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID + of the persistent disk resource + in AWS (Amazon EBS volume). 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure + Data Disk mount on the host and bind + mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host + Caching mode: None, Read Only, Read + Write.' + type: string + diskName: + description: diskName is the Name + of the data disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of + data disk in the blob storage + type: string + fsType: + description: fsType is Filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. + type: string + kind: + description: 'kind expected values + are Shared: multiple blob disks + per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in + managed availability set). defaults + to shared' + type: string + readOnly: + description: readOnly Defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure + File Service mount on the host and bind + mount to the pod. + properties: + readOnly: + description: readOnly defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name + of secret that contains Azure Storage + Account Name and Key + type: string + shareName: + description: shareName is the azure + share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph + FS mount on the host that shares a pod's + lifetime + properties: + monitors: + description: 'monitors is Required: + Monitors is a collection of Ceph + monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used + as the mounted root, rather than + the full Ceph tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: + Defaults to false (read/write). + ReadOnly here will force the ReadOnly + setting in VolumeMounts. More info: + https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: + SecretFile is the path to key ring + for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: + SecretRef is reference to the authentication + secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: User + is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder + volume attached and mounted on kubelets + host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be + "ext4" if unspecified. More info: + https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: + points to a secret object containing + parameters used to connect to OpenStack.' + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify + the volume in cinder. More info: + https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: 'defaultMode is optional: + mode bits used to set permissions + on created files by default. Must + be an octal value between 0000 and + 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. Defaults + to 0644. Directories within the + path are not affected by this setting. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, + each key-value pair in the Data + field of the referenced ConfigMap + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, + the listed keys will be projected + into the specified paths, and unlisted + keys will not be present. If a key + is specified which is not present + in the ConfigMap, the volume setup + will error unless it is marked optional. + Paths must be relative and may not + contain the '..' path or start with + '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an octal + value between 0000 and 0777 + or a decimal value between + 0 and 511. YAML accepts both + octal and decimal values, + JSON requires decimal values + for mode bits. If not specified, + the volume defaultMode will + be used. 
This might be in + conflict with other options + that affect the file mode, + like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map the + key to. May not be an absolute + path. May not contain the + path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. apiVersion, + kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t need + it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) + represents ephemeral storage that is + handled by certain external CSI drivers + (Beta feature). + properties: + driver: + description: driver is the name of + the CSI driver that handles this + volume. Consult with your admin + for the correct name as registered + in the cluster. + type: string + fsType: + description: fsType to mount. Ex. + "ext4", "xfs", "ntfs". If not provided, + the empty value is passed to the + associated CSI driver which will + determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef + is a reference to the secret object + containing sensitive information + to pass to the CSI driver to complete + the CSI NodePublishVolume and NodeUnpublishVolume + calls. 
This field is optional, and may + be empty if no secret is required. + If the secret object contains more + than one secret, all secret references + are passed. + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: readOnly specifies a + read-only configuration for the + volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores + driver-specific properties that + are passed to the CSI driver. Consult + your driver's documentation for + supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward + API about the pod that should populate + this volume + properties: + defaultMode: + description: 'Optional: mode bits + to use on created files by default. + Must be a Optional: mode bits used + to set permissions on created files + by default. Must be an octal value + between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts + both octal and decimal values, JSON + requires decimal values for mode + bits. Defaults to 0644. Directories + within the path are not affected + by this setting. This might be in + conflict with other options that + affect the file mode, like fsGroup, + and the result can be other mode + bits set.' 
+ format: int32 + type: integer + items: + description: Items is a list of downward + API volume file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name, namespace and + uid are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode + bits used to set permissions + on this file, must be an octal + value between 0000 and 0777 + or a decimal value between + 0 and 511. YAML accepts both + octal and decimal values, + JSON requires decimal values + for mode bits. If not specified, + the volume defaultMode will + be used. This might be in + conflict with other options + that affect the file mode, + like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or contain + the ''..'' path. Must be utf-8 + encoded. The first item of + the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource + of the container: only resources + limits and requests (limits.cpu, + limits.memory, requests.cpu + and requests.memory) are currently + supported.' 
+ properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the + output format of the exposed + resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: 'emptyDir represents a temporary + directory that shares a pod''s lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what + type of storage medium should back + this directory. The default is "" + which means to use the node''s default + medium. Must be an empty string + (default) or Memory. More info: + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total + amount of local storage required + for this EmptyDir volume. The size + limit is also applicable for memory + medium. The maximum usage on memory + medium EmptyDir would be the minimum + value between the SizeLimit specified + here and the sum of memory limits + of all containers in a pod. The + default is nil which means that + the limit is undefined. More info: + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume + that is handled by a cluster storage + driver. 
The volume's lifecycle is tied + to the pod that defines it - it will + be created before the pod starts, and + deleted when the pod is removed. \n + Use this if: a) the volume is only needed + while the pod runs, b) features of normal + volumes like restoring from snapshot + or capacity tracking are needed, c) + the storage driver is specified through + a storage class, and d) the storage + driver supports dynamic volume provisioning + through a PersistentVolumeClaim (see + EphemeralVolumeSource for more information + on the connection between this volume + type and PersistentVolumeClaim). \n + Use PersistentVolumeClaim or one of + the vendor-specific APIs for volumes + that persist for longer than the lifecycle + of an individual pod. \n Use CSI for + light-weight local ephemeral volumes + if the CSI driver is meant to be used + that way - see the documentation of + the driver for more information. \n + A pod can use both types of ephemeral + volumes and persistent volumes at the + same time." + properties: + volumeClaimTemplate: + description: "Will be used to create + a stand-alone PVC to provision the + volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of + the PVC, i.e. the PVC will be deleted + together with the pod. The name + of the PVC will be `-` where `` is + the name from the `PodSpec.Volumes` + array entry. Pod validation will + reject the pod if the concatenated + name is not valid for a PVC (for + example, too long). \n An existing + PVC with that name that is not owned + by the pod will *not* be used for + the pod to avoid using an unrelated + volume by mistake. Starting the + pod is then blocked until the unrelated + PVC is removed. If such a pre-created + PVC is meant to be used by the pod, + the PVC has to updated with an owner + reference to the pod once the pod + exists. Normally this should not + be necessary, but it may be useful + when manually reconstructing a broken + cluster. 
\n This field is read-only + and no changes will be made by Kubernetes + to the PVC after it has been created. + \n Required, must not be nil." + properties: + metadata: + description: May contain labels + and annotations that will be + copied into the PVC when creating + it. No other fields are allowed + and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations + is an unstructured key value + map stored with a resource + that may be set by external + tools to store and retrieve + arbitrary metadata. They + are not queryable and should + be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName + is an optional prefix, used + by the server, to generate + a unique name ONLY IF the + Name field has not been + provided. If this field + is used, the name returned + to the client will be different + than the name passed. This + value will also be combined + with a unique suffix. The + provided value has the same + validation rules as the + Name field, and may be truncated + by the length of the suffix + required to make the value + unique on the server. \n + If this field is specified + and the generated name exists, + the server will NOT return + a 409 - instead, it will + either return 201 Created + or 500 with Reason ServerTimeout + indicating a unique name + could not be found in the + time allotted, and the client + should retry (optionally + after the time indicated + in the Retry-After header). + \n Applied only if Name + is not specified. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + type: string + labels: + additionalProperties: + type: string + description: 'Map of string + keys and values that can + be used to organize and + categorize (scope and select) + objects. 
May match selectors + of replication controllers + and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be + unique within a namespace. + Is required when creating + resources, although some + resources may allow a client + to request the generation + of an appropriate name automatically. + Name is primarily intended + for creation idempotence + and configuration definition. + Cannot be updated. More + info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: "Namespace defines + the space within each name + must be unique. An empty + namespace is equivalent + to the \"default\" namespace, + but \"default\" is the canonical + representation. Not all + objects are required to + be scoped to a namespace + - the value of this field + for those objects will be + empty. \n Must be a DNS_LABEL. + Cannot be updated. More + info: http://kubernetes.io/docs/user-guide/namespaces" + type: string + ownerReferences: + description: List of objects + depended by this object. + If ALL objects in the list + have been deleted, this + object will be garbage collected. + If this object is managed + by a controller, then an + entry in this list will + point to this controller, + with the controller field + set to true. There cannot + be more than one managing + controller. + items: + description: OwnerReference + contains enough information + to let you identify an + owning object. An owning + object must be in the + same namespace as the + dependent, or be cluster-scoped, + so there is no namespace + field. + properties: + apiVersion: + description: API version + of the referent. + type: string + blockOwnerDeletion: + description: If true, + AND if the owner has + the "foregroundDeletion" + finalizer, then the + owner cannot be deleted + from the key-value + store until this reference + is removed. 
See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage + collector interacts + with this field and + enforces the foreground + deletion. Defaults + to false. To set this + field, a user needs + "delete" permission + of the owner, otherwise + 422 (Unprocessable + Entity) will be returned. + type: boolean + controller: + description: If true, + this reference points + to the managing controller. + type: boolean + kind: + description: 'Kind of + the referent. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of + the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of + the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + description: The specification + for the PersistentVolumeClaim. + The entire content is copied + unchanged into the PVC that + gets created from this template. + The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: 'accessModes + contains the desired access + modes the volume should + have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: 'dataSource field + can be used to specify either: + * An existing VolumeSnapshot + object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an + external controller can + support the specified data + source, it will create a + new volume based on the + contents of the specified + data source. 
When the AnyVolumeDataSource + feature gate is enabled, + dataSource contents will + be copied to dataSourceRef, + and dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup + is the group for the + resource being referenced. + If APIGroup is not specified, + the specified Kind must + be in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef + specifies the object from + which to populate the volume + with data, if a non-empty + volume is desired. This + may be any object from a + non-empty API group (non + core object) or a PersistentVolumeClaim + object. When this field + is specified, volume binding + will only succeed if the + type of the specified object + matches some installed volume + populator or dynamic provisioner. + This field will replace + the functionality of the + dataSource field and as + such if both fields are + non-empty, they must have + the same value. For backwards + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will + be set to the same value + automatically if one of + them is empty and the other + is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to + the same value and must + be empty. 
There are three + important differences between + dataSource and dataSourceRef: + * While dataSource only + allows two specific types + of objects, dataSourceRef + allows any non-core object, + as well as PersistentVolumeClaim + objects. * While dataSource + ignores disallowed values + (dropping them), dataSourceRef + preserves all values, and + generates an error if a + disallowed value is specified. + * While dataSource only + allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field + requires the AnyVolumeDataSource + feature gate to be enabled. + (Alpha) Using the namespace + field of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup + is the group for the + resource being referenced. + If APIGroup is not specified, + the specified Kind must + be in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the + reference. See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents + the minimum resources the + volume should have. If RecoverVolumeExpansionFailure + feature is enabled users + are allowed to specify resource + requirements that are lower + than previous value but + must still be higher than + capacity recorded in the + status field of the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes + the maximum amount of + compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests + describes the minimum + amount of compute resources + required. If Requests + is omitted for a container, + it defaults to Limits + if that is explicitly + specified, otherwise + to an implementation-defined + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a + label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, a + key, and an operator + that relates the key + and values. + properties: + key: + description: key + is the label key + that the selector + applies to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values + is an array of + string values. + If the operator + is In or NotIn, + the values array + must be non-empty. 
+ If the operator + is Exists or DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an + element of matchExpressions, + whose key field is "key", + the operator is "In", + and the values array + contains only "value". + The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName + is the name of the StorageClass + required by the claim. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the + claim is created. An empty + string value means that + no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to + reset this field to empty + string once it is set. If + unspecified and the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass will + be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by the + modifyVolumeStatus field, + until such as a resource + exists. 
More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string + volumeMode: + description: volumeMode defines + what type of volume is required + by the claim. Value of Filesystem + is implied when not included + in claim spec. + type: string + volumeName: + description: volumeName is + the binding reference to + the PersistentVolume backing + this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel + resource that is attached to a kubelet's + host machine and then exposed to the + pod. + properties: + fsType: + description: 'fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. TODO: how do we + prevent errors in the filesystem + from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC + target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: + Defaults to false (read/write). + ReadOnly here will force the ReadOnly + setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: + FC target worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: 'wwids Optional: FC volume + world wide identifiers (wwids) Either + wwids or combination of targetWWNs + and lun must be set, but not both + simultaneously.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: flexVolume represents a generic + volume resource that is provisioned/attached + using an exec based plugin. + properties: + driver: + description: driver is the name of + the driver to use for this volume. 
+ type: string + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + The default filesystem depends on + FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: + this field holds extra command options + if any.' + type: object + readOnly: + description: 'readOnly is Optional: + defaults to false (read/write). + ReadOnly here will force the ReadOnly + setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: + secretRef is reference to the secret + object containing sensitive information + to pass to the plugin scripts. This + may be empty if no secret object + is specified. If the secret object + contains more than one secret, all + secrets are passed to the plugin + scripts.' + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker + volume attached to a kubelet's host + machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: datasetName is Name of + the dataset stored as metadata -> + name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID + of the dataset. 
This is unique identifier + of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents + a GCE Disk resource that is attached + to a kubelet''s host machine and then + exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem + type of the volume that you want + to mount. Tip: Ensure that the filesystem + type is supported by the host operating + system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be + "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in + the filesystem from compromising + the machine' + type: string + partition: + description: 'partition is the partition + in the volume that you want to mount. + If omitted, the default is to mount + by volume name. Examples: For volume + /dev/sda1, you specify the partition + as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can + leave the property empty). More + info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name + of the PD resource in GCE. Used + to identify the disk in GCE. More + info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force + the ReadOnly setting in VolumeMounts. + Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs + mount on the host that shares a pod''s + lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint + name that details Glusterfs topology. 
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs + volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force + the Glusterfs volume to be mounted + with read-only permissions. Defaults + to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing + file or directory on the host machine + that is directly exposed to the container. + This is generally used for system agents + or other privileged things that are + allowed to see the host machine. Most + containers will NOT need this. More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict + who can use host directory mounts and + who can/can not mount host directories + as read/write.' + properties: + path: + description: 'path of the directory + on the host. If the path is a symlink, + it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume + Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI + Disk resource that is attached to a + kubelet''s host machine and then exposed + to the pod. 
More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines + whether support iSCSI Discovery + CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines + whether support iSCSI Session CHAP + authentication + type: boolean + fsType: + description: 'fsType is the filesystem + type of the volume that you want + to mount. Tip: Ensure that the filesystem + type is supported by the host operating + system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be + "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in + the filesystem from compromising + the machine' + type: string + initiatorName: + description: initiatorName is the + custom iSCSI Initiator Name. If + initiatorName is specified with + iscsiInterface simultaneously, new + iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI + Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the + interface Name that uses an iSCSI + transport. Defaults to 'default' + (tcp). + type: string + lun: + description: lun represents iSCSI + Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI + Target Portal List. The portal is + either an IP or ip_addr:port if + the port is other than default (typically + TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: readOnly here will force + the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP + Secret for iSCSI target and initiator + authentication + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. 
Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: targetPortal is iSCSI + Target Portal. The Portal is either + an IP or ip_addr:port if the port + is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must + be a DNS_LABEL and unique within the + pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - type: array - readOnly: - description: readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret - for iSCSI target and initiator authentication - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: targetPortal is iSCSI Target - Portal. The Portal is either an IP or - ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - nfs: - description: 'nfs represents an NFS mount on - the host that shares a pod''s lifetime More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'path that is exported by the - NFS server. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'readOnly here will force the - NFS export to be mounted with read-only - permissions. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'server is the hostname or - IP address of the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'claimName is the name of a - PersistentVolumeClaim in the same namespace - as the pod using this volume. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: readOnly Will force the ReadOnly - setting in VolumeMounts. Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine - properties: - fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. 
- type: string - pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx - volume attached and mounted on kubelets host - machine - properties: - fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies - a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in one - resources secrets, configmaps, and downward - API - properties: - defaultMode: - description: defaultMode are the mode bits - used to set permissions on created files - by default. Must be an octal value between - 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. Directories within - the path are not affected by this setting. - This might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set. - format: int32 - type: integer - sources: - description: sources is the list of volume - projections - items: - description: Projection that may be projected - along with other supported volume types + nfs: + description: 'nfs represents an NFS mount + on the host that shares a pod''s lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported + by the NFS server. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force + the NFS export to be mounted with + read-only permissions. Defaults + to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname + or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource + represents a reference to a PersistentVolumeClaim + in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name + of a PersistentVolumeClaim in the + same namespace as the pod using + this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the + ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents + a PhotonController persistent disk attached + and mounted on kubelets host machine properties: - clusterTrustBundle: - description: "ClusterTrustBundle allows - a pod to access the `.spec.trustBundle` - field of ClusterTrustBundle objects - in an auto-updating file. \n Alpha, - gated by the ClusterTrustBundleProjection - feature gate. \n ClusterTrustBundle - objects can either be selected by - name, or by the combination of signer - name and a label selector. \n Kubelet - performs aggressive normalization - of the PEM contents written into - the pod filesystem. Esoteric PEM - features such as inter-block comments - and block headers are stripped. - \ Certificates are deduplicated. 
- The ordering of certificates within - the file is arbitrary, and Kubelet - may change the order over time." - properties: - labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only - has effect if signerName is - set. Mutually-exclusive with - name. If unset, interpreted - as "match nothing". If set - but empty, interpreted as "match - everything". - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. + type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents + a portworx volume attached and mounted + on kubelets host machine + properties: + fsType: + description: fSType represents the + filesystem type to mount Must be + a filesystem type supported by the + host operating system. Ex. "ext4", + "xfs". Implicitly inferred to be + "ext4" if unspecified. + type: string + readOnly: + description: readOnly defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in + one resources secrets, configmaps, and + downward API + properties: + defaultMode: + description: defaultMode are the mode + bits used to set permissions on + created files by default. 
Must be + an octal value between 0000 and + 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. Directories + within the path are not affected + by this setting. This might be in + conflict with other options that + affect the file mode, like fsGroup, + and the result can be other mode + bits set. + format: int32 + type: integer + sources: + description: sources is the list of + volume projections + items: + description: Projection that may + be projected along with other + supported volume types + properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization of + the PEM contents written into + the pod filesystem. Esoteric + PEM features such as inter-block + comments and block headers + are stripped. Certificates + are deduplicated. The ordering + of certificates within the + file is arbitrary, and Kubelet + may change the order over + time." + properties: + labelSelector: + description: Select all + ClusterTrustBundles that + match this label selector. Only + has effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. - type: string - values: - description: values - is an array of string - values. 
If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. items: - type: string + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array - required: - - key - - operator + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". 
The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - name: - description: Select a single ClusterTrustBundle - by object name. Mutually-exclusive - with signerName and labelSelector. - type: string - optional: - description: If true, don't block - pod startup if the referenced - ClusterTrustBundle(s) aren't - available. If using name, then - the named ClusterTrustBundle - is allowed not to exist. If - using signerName, then the combination - of signerName and labelSelector - is allowed to match zero ClusterTrustBundles. - type: boolean - path: - description: Relative path from - the volume root to write the - bundle. - type: string - signerName: - description: Select all ClusterTrustBundles - that match this signer name. - Mutually-exclusive with name. The - contents of all selected ClusterTrustBundles - will be unified and deduplicated. - type: string - required: - - path - type: object - configMap: - description: configMap information - about the configMap data to project - properties: - items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the ConfigMap, the volume - setup will error unless it is - marked optional. Paths must - be relative and may not contain - the '..' path or start with - '..'. - items: - description: Maps a string key - to a path within a volume. - properties: - key: - description: key is the - key to project. + x-kubernetes-map-type: atomic + name: + description: Select a single + ClusterTrustBundle by + object name. Mutually-exclusive + with signerName and labelSelector. type: string - mode: - description: 'mode is Optional: - mode bits used to set - permissions on this file. 
- Must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' - format: int32 - type: integer + optional: + description: If true, don't + block pod startup if the + referenced ClusterTrustBundle(s) + aren't available. If + using name, then the named + ClusterTrustBundle is + allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is allowed + to match zero ClusterTrustBundles. + type: boolean path: - description: path is the - relative path of the file - to map the key to. May - not be an absolute path. - May not contain the path - element '..'. May not - start with the string - '..'. + description: Relative path + from the volume root to + write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles that + match this signer name. + Mutually-exclusive with + name. The contents of + all selected ClusterTrustBundles + will be unified and deduplicated. type: string required: - - key - path type: object - type: array - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' 
- type: string - optional: - description: optional specify - whether the ConfigMap or its - keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information - about the downwardAPI data to project - properties: - items: - description: Items is a list of - DownwardAPIVolume file - items: - description: DownwardAPIVolumeFile - represents information to - create the file containing - the pod field + configMap: + description: configMap information + about the configMap data to + project + properties: + items: + description: items if unspecified, + each key-value pair in + the Data field of the + referenced ConfigMap will + be projected into the + volume as a file whose + name is the key and content + is the value. If specified, + the listed keys will be + projected into the specified + paths, and unlisted keys + will not be present. If + a key is specified which + is not present in the + ConfigMap, the volume + setup will error unless + it is marked optional. + Paths must be relative + and may not contain the + '..' path or start with + '..'. + items: + description: Maps a string + key to a path within + a volume. + properties: + key: + description: key is + the key to project. + type: string + mode: + description: 'mode + is Optional: mode + bits used to set + permissions on this + file. Must be an + octal value between + 0000 and 0777 or + a decimal value + between 0 and 511. + YAML accepts both + octal and decimal + values, JSON requires + decimal values for + mode bits. If not + specified, the volume + defaultMode will + be used. This might + be in conflict with + other options that + affect the file + mode, like fsGroup, + and the result can + be other mode bits + set.' + format: int32 + type: integer + path: + description: path + is the relative + path of the file + to map the key to. + May not be an absolute + path. May not contain + the path element + '..'. 
May not start + with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: 'Name of the + referent. This field is + effectively required, + but due to backwards compatibility + is allowed to be empty. + Instances of this type + with an empty value here + are almost certainly wrong. + TODO: Add other useful + fields. apiVersion, kind, + uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: optional specify + whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data + to project + properties: + items: + description: Items is a + list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile + represents information + to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: + Selects a field + of the pod: only + annotations, labels, + name, namespace + and uid are supported.' + properties: + apiVersion: + description: Version + of the schema + the FieldPath + is written in + terms of, defaults + to "v1". + type: string + fieldPath: + description: Path + of the field + to select in + the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: + mode bits used to + set permissions + on this file, must + be an octal value + between 0000 and + 0777 or a decimal + value between 0 + and 511. YAML accepts + both octal and decimal + values, JSON requires + decimal values for + mode bits. If not + specified, the volume + defaultMode will + be used. 
This might + be in conflict with + other options that + affect the file + mode, like fsGroup, + and the result can + be other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: + Path is the relative + path name of the + file to be created. + Must not be absolute + or contain the ''..'' + path. Must be utf-8 + encoded. The first + item of the relative + path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects + a resource of the + container: only + resources limits + and requests (limits.cpu, + limits.memory, requests.cpu + and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container + name: required + for volumes, + optional for + env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format + of the exposed + resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information + about the secret data to project properties: - fieldRef: - description: 'Required: - Selects a field of the - pod: only annotations, - labels, name and namespace - are supported.' - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. 
- type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: - mode bits used to set - permissions on this file, - must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: - Path is the relative - path name of the file - to be created. Must not - be absolute or contain - the ''..'' path. Must - be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' + items: + description: items if unspecified, + each key-value pair in + the Data field of the + referenced Secret will + be projected into the + volume as a file whose + name is the key and content + is the value. If specified, + the listed keys will be + projected into the specified + paths, and unlisted keys + will not be present. If + a key is specified which + is not present in the + Secret, the volume setup + will error unless it is + marked optional. Paths + must be relative and may + not contain the '..' path + or start with '..'. + items: + description: Maps a string + key to a path within + a volume. + properties: + key: + description: key is + the key to project. + type: string + mode: + description: 'mode + is Optional: mode + bits used to set + permissions on this + file. Must be an + octal value between + 0000 and 0777 or + a decimal value + between 0 and 511. + YAML accepts both + octal and decimal + values, JSON requires + decimal values for + mode bits. If not + specified, the volume + defaultMode will + be used. 
This might + be in conflict with + other options that + affect the file + mode, like fsGroup, + and the result can + be other mode bits + set.' + format: int32 + type: integer + path: + description: path + is the relative + path of the file + to map the key to. + May not be an absolute + path. May not contain + the path element + '..'. May not start + with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: 'Name of the + referent. This field is + effectively required, + but due to backwards compatibility + is allowed to be empty. + Instances of this type + with an empty value here + are almost certainly wrong. + TODO: Add other useful + fields. apiVersion, kind, + uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' 
- properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path + optional: + description: optional field + specify whether the Secret + or its key must be defined + type: boolean type: object - type: array - type: object - secret: - description: secret information about - the secret data to project - properties: - items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced Secret - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the Secret, the volume setup - will error unless it is marked - optional. Paths must be relative - and may not contain the '..' - path or start with '..'. - items: - description: Maps a string key - to a path within a volume. + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken + is information about the serviceAccountToken + data to project properties: - key: - description: key is the - key to project. + audience: + description: audience is + the intended audience + of the token. A recipient + of a token must identify + itself with an identifier + specified in the audience + of the token, and otherwise + should reject the token. + The audience defaults + to the identifier of the + apiserver. 
type: string - mode: - description: 'mode is Optional: - mode bits used to set - permissions on this file. - Must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' - format: int32 + expirationSeconds: + description: expirationSeconds + is the requested duration + of validity of the service + account token. As the + token approaches expiration, + the kubelet volume plugin + will proactively rotate + the service account token. + The kubelet will start + trying to rotate the token + if the token is older + than 80 percent of its + time to live or if the + token is older than 24 + hours.Defaults to 1 hour + and must be at least 10 + minutes. + format: int64 type: integer path: description: path is the - relative path of the file - to map the key to. May - not be an absolute path. - May not contain the path - element '..'. May not - start with the string - '..'. + path relative to the mount + point of the file to project + the token into. type: string required: - - key - path type: object - type: array + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte + mount on the host that shares a pod's + lifetime + properties: + group: + description: group to map volume access + to Default is no group + type: string + readOnly: + description: readOnly here will force + the Quobyte volume to be mounted + with read-only permissions. Defaults + to false. 
+ type: boolean + registry: + description: registry represents a + single or multiple Quobyte Registry + services specified as a string as + host:port pair (multiple entries + are separated with commas) which + acts as the central registry for + volumes + type: string + tenant: + description: tenant owning the given + Quobyte volume in the Backend Used + with dynamically provisioned Quobyte + volumes, value is set by the plugin + type: string + user: + description: user to map volume access + to Defaults to serivceaccount user + type: string + volume: + description: volume is a string that + references an already created Quobyte + volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block + Device mount on the host that shares + a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem + type of the volume that you want + to mount. Tip: Ensure that the filesystem + type is supported by the host operating + system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to be + "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in + the filesystem from compromising + the machine' + type: string + image: + description: 'image is the rados image + name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path + to key ring for RBDUser. Default + is /etc/ceph/keyring. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection + of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + description: 'pool is the rados pool + name. Default is rbd. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force + the ReadOnly setting in VolumeMounts. + Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of + the authentication secret for RBDUser. + If provided overrides keyring. Default + is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: name: + default: "" description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. TODO: Add other useful fields. - apiVersion, kind, uid?' + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string - optional: - description: optional field specify - whether the Secret or its key - must be defined - type: boolean type: object x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is - information about the serviceAccountToken - data to project + user: + description: 'user is the rados user + name. Default is admin. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO + persistent volume attached and mounted + on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Default is "xfs". 
+ type: string + gateway: + description: gateway is the host address + of the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the + name of the ScaleIO Protection Domain + for the configured storage. + type: string + readOnly: + description: readOnly Defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretRef: + description: secretRef references + to the secret for ScaleIO user and + other sensitive information. If + this is not provided, Login operation + will fail. properties: - audience: - description: audience is the intended - audience of the token. A recipient - of a token must identify itself - with an identifier specified - in the audience of the token, - and otherwise should reject - the token. The audience defaults - to the identifier of the apiserver. + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string - expirationSeconds: - description: expirationSeconds - is the requested duration of - validity of the service account - token. As the token approaches - expiration, the kubelet volume - plugin will proactively rotate - the service account token. The - kubelet will start trying to - rotate the token if the token - is older than 80 percent of - its time to live or if the token - is older than 24 hours.Defaults - to 1 hour and must be at least - 10 minutes. 
- format: int64 - type: integer - path: - description: path is the path - relative to the mount point - of the file to project the token - into. + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, + default false + type: boolean + storageMode: + description: storageMode indicates + whether the storage for a volume + should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO + Storage Pool associated with the + protection domain. + type: string + system: + description: system is the name of + the storage system as configured + in ScaleIO. + type: string + volumeName: + description: volumeName is the name + of a volume already created in the + ScaleIO system that is associated + with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret + that should populate this volume. More + info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: + mode bits used to set permissions + on created files by default. Must + be an octal value between 0000 and + 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. Defaults + to 0644. Directories within the + path are not affected by this setting. + This might be in conflict with other + options that affect the file mode, + like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, + each key-value pair in the Data + field of the referenced Secret will + be projected into the volume as + a file whose name is the key and + content is the value. 
If specified, + the listed keys will be projected + into the specified paths, and unlisted + keys will not be present. If a key + is specified which is not present + in the Secret, the volume setup + will error unless it is marked optional. + Paths must be relative and may not + contain the '..' path or start with + '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an octal + value between 0000 and 0777 + or a decimal value between + 0 and 511. YAML accepts both + octal and decimal values, + JSON requires decimal values + for mode bits. If not specified, + the volume defaultMode will + be used. This might be in + conflict with other options + that affect the file mode, + like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map the + key to. May not be an absolute + path. May not contain the + path element '..'. May not + start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify + whether the Secret or its keys must + be defined + type: boolean + secretName: + description: 'secretName is the name + of the secret in the pod''s namespace + to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS + volume attached and mounted on Kubernetes + nodes. + properties: + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. 
+ type: string + readOnly: + description: readOnly defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the + secret to use for obtaining the + StorageOS API credentials. If not + specified, default values will be + attempted. + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string - required: - - path type: object + x-kubernetes-map-type: atomic + volumeName: + description: volumeName is the human-readable + name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies + the scope of the volume within StorageOS. If + no namespace is specified then the + Pod's namespace will be used. This + allows the Kubernetes name scoping + to be mirrored within StorageOS + for tighter integration. Set VolumeName + to any name to override the default + behaviour. Set to "default" if you + are not using namespaces within + StorageOS. Namespaces that do not + pre-exist within StorageOS will + be created. + type: string type: object - type: array - type: object - quobyte: - description: quobyte represents a Quobyte mount - on the host that shares a pod's lifetime - properties: - group: - description: group to map volume access - to Default is no group - type: string - readOnly: - description: readOnly here will force the - Quobyte volume to be mounted with read-only - permissions. 
Defaults to false. - type: boolean - registry: - description: registry represents a single - or multiple Quobyte Registry services - specified as a string as host:port pair - (multiple entries are separated with commas) - which acts as the central registry for - volumes - type: string - tenant: - description: tenant owning the given Quobyte - volume in the Backend Used with dynamically - provisioned Quobyte volumes, value is - set by the plugin - type: string - user: - description: user to map volume access to - Defaults to serivceaccount user - type: string - volume: - description: volume is a string that references - an already created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'rbd represents a Rados Block Device - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - image: - description: 'image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'keyring is the path to key - ring for RBDUser. Default is /etc/ceph/keyring. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'monitors is a collection of - Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: - description: 'pool is the rados pool name. - Default is rbd. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides - keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is the rados user name. - Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes - nodes. - properties: - fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: gateway is the host address - of the ScaleIO API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name - of the ScaleIO Protection Domain for the - configured storage. - type: string - readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: secretRef references to the - secret for ScaleIO user and other sensitive - information. If this is not provided, - Login operation will fail. - properties: - name: - description: 'Name of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, default - false - type: boolean - storageMode: - description: storageMode indicates whether - the storage for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO - Storage Pool associated with the protection - domain. - type: string - system: - description: system is the name of the storage - system as configured in ScaleIO. - type: string - volumeName: - description: volumeName is the name of a - volume already created in the ScaleIO - system that is associated with this volume - source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: 'secret represents a secret that - should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'defaultMode is Optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' - format: int32 - type: integer - items: - description: items If unspecified, each - key-value pair in the Data field of the - referenced Secret will be projected into - the volume as a file whose name is the - key and content is the value. 
If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the Secret, the - volume setup will error unless it is marked - optional. Paths must be relative and may - not contain the '..' path or start with - '..'. - items: - description: Maps a string key to a path - within a volume. + vsphereVolume: + description: vsphereVolume represents + a vSphere volume attached and mounted + on kubelets host machine properties: - key: - description: key is the key to project. + fsType: + description: fsType is filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. type: string - mode: - description: 'mode is Optional: mode - bits used to set permissions on - this file. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' - format: int32 - type: integer - path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. + storagePolicyID: + description: storagePolicyID is the + storage Policy Based Management + (SPBM) profile ID associated with + the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is + the storage Policy Based Management + (SPBM) profile name. 
+ type: string + volumePath: + description: volumePath is the path + that identifies vSphere volume vmdk type: string required: - - key - - path + - volumePath type: object - type: array - optional: - description: optional field specify whether - the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of - the secret in the pod''s namespace to - use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. + required: + - name + type: object + type: array + type: object + type: object + name: + description: Name specifies the name of the addon that + will be used for the backup/restore purpose + type: string + tasks: + description: Tasks specifies a list of backup/restore + tasks and their configuration parameters + items: + description: TaskReference specifies a task and its + configuration parameters + properties: + addonVolumes: + description: AddonVolumes lets you overwrite the + volume sources used in the VolumeTemplate section + of Addon. Make sure that name of your volume + matches with the name of the volume you want + to overwrite. + items: + description: AddonVolumeInfo specifies the name + and the source of volume properties: - fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. - type: string - readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: secretRef specifies the secret - to use for obtaining the StorageOS API - credentials. If not specified, default - values will be attempted. - properties: - name: - description: 'Name of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a namespace. - type: string - volumeNamespace: - description: volumeNamespace specifies the - scope of the volume within StorageOS. If - no namespace is specified then the Pod's - namespace will be used. This allows the - Kubernetes name scoping to be mirrored - within StorageOS for tighter integration. - Set VolumeName to any name to override - the default behaviour. Set to "default" - if you are not using namespaces within - StorageOS. Namespaces that do not pre-exist - within StorageOS will be created. + name: + description: Name specifies the name of + the volume type: string - type: object - volumeClaimTemplate: - description: VolumeClaimTemplate specifies a - template for volume to use by the backup/restore - executor - properties: - metadata: - description: May contain labels and annotations - that will be copied into the PVC when - creating it. No other fields are allowed - and will be rejected during validation. + source: + description: Source specifies the source + of this volume. properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured - key value map stored with a resource - that may be set by external tools - to store and retrieve arbitrary metadata. - They are not queryable and should - be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' + awsElasticBlockStore: + description: 'awsElasticBlockStore represents + an AWS Disk resource that is attached + to a kubelet''s host machine and then + exposed to the pod. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem + type of the volume that you want + to mount. Tip: Ensure that the + filesystem type is supported by + the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors + in the filesystem from compromising + the machine' + type: string + partition: + description: 'partition is the partition + in the volume that you want to + mount. If omitted, the default + is to mount by volume name. Examples: + For volume /dev/sda1, you specify + the partition as "1". Similarly, + the volume partition for /dev/sda + is "0" (or you can leave the property + empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true + will force the readOnly setting + in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique + ID of the persistent disk resource + in AWS (Amazon EBS volume). More + info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an + Azure Data Disk mount on the host + and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the + Host Caching mode: None, Read + Only, Read Write.' + type: string + diskName: + description: diskName is the Name + of the data disk in the blob storage + type: string + diskURI: + description: diskURI is the URI + of data disk in the blob storage + type: string + fsType: + description: fsType is Filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". 
+ Implicitly inferred to be "ext4" + if unspecified. + type: string + kind: + description: 'kind expected values + are Shared: multiple blob disks + per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only + in managed availability set). + defaults to shared' + type: string + readOnly: + description: readOnly Defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an + Azure File Service mount on the host + and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretName: + description: secretName is the name + of secret that contains Azure + Storage Account Name and Key + type: string + shareName: + description: shareName is the azure + share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph + FS mount on the host that shares a + pod's lifetime + properties: + monitors: + description: 'monitors is Required: + Monitors is a collection of Ceph + monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: + Used as the mounted root, rather + than the full Ceph tree, default + is /' + type: string + readOnly: + description: 'readOnly is Optional: + Defaults to false (read/write). + ReadOnly here will force the ReadOnly + setting in VolumeMounts. 
More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: + SecretFile is the path to key + ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: + SecretRef is reference to the + authentication secret for User, + default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: + User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder + volume attached and mounted on kubelets + host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to + be "ext4" if unspecified. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults + to false (read/write). ReadOnly + here will force the ReadOnly setting + in VolumeMounts. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: + points to a secret object containing + parameters used to connect to + OpenStack.' + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify + the volume in cinder. More info: + https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a + configMap that should populate this + volume + properties: + defaultMode: + description: 'defaultMode is optional: + mode bits used to set permissions + on created files by default. Must + be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. + Defaults to 0644. Directories + within the path are not affected + by this setting. This might be + in conflict with other options + that affect the file mode, like + fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, + each key-value pair in the Data + field of the referenced ConfigMap + will be projected into the volume + as a file whose name is the key + and content is the value. 
If specified, + the listed keys will be projected + into the specified paths, and + unlisted keys will not be present. + If a key is specified which is + not present in the ConfigMap, + the volume setup will error unless + it is marked optional. Paths must + be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an + octal value between 0000 + and 0777 or a decimal value + between 0 and 511. YAML + accepts both octal and decimal + values, JSON requires decimal + values for mode bits. If + not specified, the volume + defaultMode will be used. + This might be in conflict + with other options that + affect the file mode, like + fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map + the key to. May not be an + absolute path. May not contain + the path element '..'. May + not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t need + it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + optional: + description: optional specify whether + the ConfigMap or its keys must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage + Interface) represents ephemeral storage + that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: driver is the name + of the CSI driver that handles + this volume. Consult with your + admin for the correct name as + registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. + "ext4", "xfs", "ntfs". If not + provided, the empty value is passed + to the associated CSI driver which + will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef + is a reference to the secret object + containing sensitive information + to pass to the CSI driver to complete + the CSI NodePublishVolume and + NodeUnpublishVolume calls. This + field is optional, and may be + empty if no secret is required. + If the secret object contains + more than one secret, all secret + references are passed. + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: readOnly specifies + a read-only configuration for + the volume. Defaults to false + (read/write). 
+ type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores + driver-specific properties that + are passed to the CSI driver. + Consult your driver's documentation + for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents + downward API about the pod that should + populate this volume + properties: + defaultMode: + description: 'Optional: mode bits + to use on created files by default. + Must be a Optional: mode bits + used to set permissions on created + files by default. Must be an octal + value between 0000 and 0777 or + a decimal value between 0 and + 511. YAML accepts both octal and + decimal values, JSON requires + decimal values for mode bits. + Defaults to 0644. Directories + within the path are not affected + by this setting. This might be + in conflict with other options + that affect the file mode, like + fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of + downward API volume file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod + field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only + annotations, labels, name, + namespace and uid are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode + bits used to set permissions + on this file, must be an + octal value between 0000 + and 0777 or a decimal value + between 0 and 511. YAML + accepts both octal and decimal + values, JSON requires decimal + values for mode bits. 
If + not specified, the volume + defaultMode will be used. + This might be in conflict + with other options that + affect the file mode, like + fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or + contain the ''..'' path. + Must be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource + of the container: only resources + limits and requests (limits.cpu, + limits.memory, requests.cpu + and requests.memory) are + currently supported.' + properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format of + the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: 'emptyDir represents a + temporary directory that shares a + pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents + what type of storage medium should + back this directory. The default + is "" which means to use the node''s + default medium. Must be an empty + string (default) or Memory. 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total + amount of local storage required + for this EmptyDir volume. The + size limit is also applicable + for memory medium. The maximum + usage on memory medium EmptyDir + would be the minimum value between + the SizeLimit specified here and + the sum of memory limits of all + containers in a pod. The default + is nil which means that the limit + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a + volume that is handled by a cluster + storage driver. The volume's lifecycle + is tied to the pod that defines it + - it will be created before the pod + starts, and deleted when the pod is + removed. \n Use this if: a) the volume + is only needed while the pod runs, + b) features of normal volumes like + restoring from snapshot or capacity + tracking are needed, c) the storage + driver is specified through a storage + class, and d) the storage driver supports + dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection + between this volume type and PersistentVolumeClaim). + \n Use PersistentVolumeClaim or one + of the vendor-specific APIs for volumes + that persist for longer than the lifecycle + of an individual pod. \n Use CSI for + light-weight local ephemeral volumes + if the CSI driver is meant to be used + that way - see the documentation of + the driver for more information. \n + A pod can use both types of ephemeral + volumes and persistent volumes at + the same time." 
+ properties: + volumeClaimTemplate: + description: "Will be used to create + a stand-alone PVC to provision + the volume. The pod in which this + EphemeralVolumeSource is embedded + will be the owner of the PVC, + i.e. the PVC will be deleted together + with the pod. The name of the + PVC will be `-` where `` is + the name from the `PodSpec.Volumes` + array entry. Pod validation will + reject the pod if the concatenated + name is not valid for a PVC (for + example, too long). \n An existing + PVC with that name that is not + owned by the pod will *not* be + used for the pod to avoid using + an unrelated volume by mistake. + Starting the pod is then blocked + until the unrelated PVC is removed. + If such a pre-created PVC is meant + to be used by the pod, the PVC + has to updated with an owner reference + to the pod once the pod exists. + Normally this should not be necessary, + but it may be useful when manually + reconstructing a broken cluster. + \n This field is read-only and + no changes will be made by Kubernetes + to the PVC after it has been created. + \n Required, must not be nil." + properties: + metadata: + description: May contain labels + and annotations that will + be copied into the PVC when + creating it. No other fields + are allowed and will be rejected + during validation. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations + is an unstructured key + value map stored with + a resource that may be + set by external tools + to store and retrieve + arbitrary metadata. They + are not queryable and + should be preserved when + modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName + is an optional prefix, + used by the server, to + generate a unique name + ONLY IF the Name field + has not been provided. + If this field is used, + the name returned to the + client will be different + than the name passed. 
+ This value will also be + combined with a unique + suffix. The provided value + has the same validation + rules as the Name field, + and may be truncated by + the length of the suffix + required to make the value + unique on the server. + \n If this field is specified + and the generated name + exists, the server will + NOT return a 409 - instead, + it will either return + 201 Created or 500 with + Reason ServerTimeout indicating + a unique name could not + be found in the time allotted, + and the client should + retry (optionally after + the time indicated in + the Retry-After header). + \n Applied only if Name + is not specified. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + type: string + labels: + additionalProperties: + type: string + description: 'Map of string + keys and values that can + be used to organize and + categorize (scope and + select) objects. May match + selectors of replication + controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must + be unique within a namespace. + Is required when creating + resources, although some + resources may allow a + client to request the + generation of an appropriate + name automatically. Name + is primarily intended + for creation idempotence + and configuration definition. + Cannot be updated. More + info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: "Namespace + defines the space within + each name must be unique. + An empty namespace is + equivalent to the \"default\" + namespace, but \"default\" + is the canonical representation. + Not all objects are required + to be scoped to a namespace + - the value of this field + for those objects will + be empty. \n Must be a + DNS_LABEL. Cannot be updated. 
+ More info: http://kubernetes.io/docs/user-guide/namespaces" + type: string + ownerReferences: + description: List of objects + depended by this object. + If ALL objects in the + list have been deleted, + this object will be garbage + collected. If this object + is managed by a controller, + then an entry in this + list will point to this + controller, with the controller + field set to true. There + cannot be more than one + managing controller. + items: + description: OwnerReference + contains enough information + to let you identify + an owning object. An + owning object must be + in the same namespace + as the dependent, or + be cluster-scoped, so + there is no namespace + field. + properties: + apiVersion: + description: API version + of the referent. + type: string + blockOwnerDeletion: + description: If true, + AND if the owner + has the "foregroundDeletion" + finalizer, then + the owner cannot + be deleted from + the key-value store + until this reference + is removed. See + https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage + collector interacts + with this field + and enforces the + foreground deletion. + Defaults to false. + To set this field, + a user needs "delete" + permission of the + owner, otherwise + 422 (Unprocessable + Entity) will be + returned. + type: boolean + controller: + description: If true, + this reference points + to the managing + controller. + type: boolean + kind: + description: 'Kind + of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID + of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + description: The specification + for the PersistentVolumeClaim. + The entire content is copied + unchanged into the PVC that + gets created from this template. + The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: 'accessModes + contains the desired access + modes the volume should + have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: 'dataSource + field can be used to specify + either: * An existing + VolumeSnapshot object + (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or + an external controller + can support the specified + data source, it will create + a new volume based on + the contents of the specified + data source. When the + AnyVolumeDataSource feature + gate is enabled, dataSource + contents will be copied + to dataSourceRef, and + dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup + is the group for the + resource being referenced. + If APIGroup is not + specified, the specified + Kind must be in the + core API group. For + any other third-party + types, APIGroup is + required. 
+ type: string + kind: + description: Kind is + the type of resource + being referenced + type: string + name: + description: Name is + the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef + specifies the object from + which to populate the + volume with data, if a + non-empty volume is desired. + This may be any object + from a non-empty API group + (non core object) or a + PersistentVolumeClaim + object. When this field + is specified, volume binding + will only succeed if the + type of the specified + object matches some installed + volume populator or dynamic + provisioner. This field + will replace the functionality + of the dataSource field + and as such if both fields + are non-empty, they must + have the same value. For + backwards compatibility, + when namespace isn''t + specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will + be set to the same value + automatically if one of + them is empty and the + other is non-empty. When + namespace is specified + in dataSourceRef, dataSource + isn''t set to the same + value and must be empty. + There are three important + differences between dataSource + and dataSourceRef: * While + dataSource only allows + two specific types of + objects, dataSourceRef + allows any non-core object, + as well as PersistentVolumeClaim + objects. * While dataSource + ignores disallowed values + (dropping them), dataSourceRef + preserves all values, + and generates an error + if a disallowed value + is specified. * While + dataSource only allows + local objects, dataSourceRef + allows objects in any + namespaces. (Beta) Using + this field requires the + AnyVolumeDataSource feature + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' 
+ properties: + apiGroup: + description: APIGroup + is the group for the + resource being referenced. + If APIGroup is not + specified, the specified + Kind must be in the + core API group. For + any other third-party + types, APIGroup is + required. + type: string + kind: + description: Kind is + the type of resource + being referenced + type: string + name: + description: Name is + the name of resource + being referenced + type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required + in the referent namespace + to allow that namespace's + owner to accept the + reference. See the + ReferenceGrant documentation + for details. (Alpha) + This field requires + the CrossNamespaceVolumeDataSource + feature gate to be + enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources + represents the minimum + resources the volume should + have. If RecoverVolumeExpansionFailure + feature is enabled users + are allowed to specify + resource requirements + that are lower than previous + value but must still be + higher than capacity recorded + in the status field of + the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits + describes the maximum + amount of compute + resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests + describes the minimum + amount of compute + resources required. + If Requests is omitted + for a container, it + defaults to Limits + if that is explicitly + specified, otherwise + to an implementation-defined + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is + a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName + is the name of the StorageClass + required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the + VolumeAttributesClass + used by this claim. If + specified, the CSI driver + will create or update + the volume with the attributes + defined in the corresponding + VolumeAttributesClass. + This has a different purpose + than storageClassName, + it can be changed after + the claim is created. + An empty string value + means that no VolumeAttributesClass + will be applied to the + claim but it''s not allowed + to reset this field to + empty string once it is + set. If unspecified and + the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. + If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by + the modifyVolumeStatus + field, until such as a + resource exists. More + info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' 
+ type: string + volumeMode: + description: volumeMode + defines what type of volume + is required by the claim. + Value of Filesystem is + implied when not included + in claim spec. + type: string + volumeName: + description: volumeName + is the binding reference + to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel + resource that is attached to a kubelet's + host machine and then exposed to the + pod. + properties: + fsType: + description: 'fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. TODO: how do we + prevent errors in the filesystem + from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC + target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: + Defaults to false (read/write). + ReadOnly here will force the ReadOnly + setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: + FC target worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: 'wwids Optional: FC + volume world wide identifiers + (wwids) Either wwids or combination + of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: flexVolume represents a + generic volume resource that is provisioned/attached + using an exec based plugin. + properties: + driver: + description: driver is the name + of the driver to use for this + volume. + type: string + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". 
+ The default filesystem depends + on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: + this field holds extra command + options if any.' + type: object + readOnly: + description: 'readOnly is Optional: + defaults to false (read/write). + ReadOnly here will force the ReadOnly + setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: + secretRef is reference to the + secret object containing sensitive + information to pass to the plugin + scripts. This may be empty if + no secret object is specified. + If the secret object contains + more than one secret, all secrets + are passed to the plugin scripts.' + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver type: object - generateName: - description: "GenerateName is an optional - prefix, used by the server, to generate - a unique name ONLY IF the Name field - has not been provided. If this field - is used, the name returned to the - client will be different than the - name passed. This value will also - be combined with a unique suffix. - The provided value has the same validation - rules as the Name field, and may be - truncated by the length of the suffix - required to make the value unique - on the server. 
\n If this field is - specified and the generated name exists, - the server will NOT return a 409 - - instead, it will either return 201 - Created or 500 with Reason ServerTimeout - indicating a unique name could not - be found in the time allotted, and - the client should retry (optionally - after the time indicated in the Retry-After - header). \n Applied only if Name is - not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" - type: string - labels: - additionalProperties: - type: string - description: 'Map of string keys and - values that can be used to organize - and categorize (scope and select) - objects. May match selectors of replication - controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' + flocker: + description: flocker represents a Flocker + volume attached to a kubelet's host + machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: datasetName is Name + of the dataset stored as metadata + -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the + UUID of the dataset. This is unique + identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents + a GCE Disk resource that is attached + to a kubelet''s host machine and then + exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem + type of the volume that you want + to mount. Tip: Ensure that the + filesystem type is supported by + the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors + in the filesystem from compromising + the machine' + type: string + partition: + description: 'partition is the partition + in the volume that you want to + mount. If omitted, the default + is to mount by volume name. Examples: + For volume /dev/sda1, you specify + the partition as "1". Similarly, + the volume partition for /dev/sda + is "0" (or you can leave the property + empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name + of the PD resource in GCE. Used + to identify the disk in GCE. More + info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will + force the ReadOnly setting in + VolumeMounts. Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + glusterfs: + description: 'glusterfs represents a + Glusterfs mount on the host that shares + a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint + name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs + volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will + force the Glusterfs volume to + be mounted with read-only permissions. + Defaults to false. 
More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a + pre-existing file or directory on + the host machine that is directly + exposed to the container. This is + generally used for system agents or + other privileged things that are allowed + to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict + who can use host directory mounts + and who can/can not mount host directories + as read/write.' + properties: + path: + description: 'path of the directory + on the host. If the path is a + symlink, it will follow the link + to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath + Volume Defaults to "" More info: + https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI + Disk resource that is attached to + a kubelet''s host machine and then + exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines + whether support iSCSI Discovery + CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines + whether support iSCSI Session + CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem + type of the volume that you want + to mount. Tip: Ensure that the + filesystem type is supported by + the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors + in the filesystem from compromising + the machine' + type: string + initiatorName: + description: initiatorName is the + custom iSCSI Initiator Name. If + initiatorName is specified with + iscsiInterface simultaneously, + new iSCSI interface : will be created for the + connection. + type: string + iqn: + description: iqn is the target iSCSI + Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the + interface Name that uses an iSCSI + transport. Defaults to 'default' + (tcp). + type: string + lun: + description: lun represents iSCSI + Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI + Target Portal List. The portal + is either an IP or ip_addr:port + if the port is other than default + (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: readOnly here will + force the ReadOnly setting in + VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP + Secret for iSCSI target and initiator + authentication + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: targetPortal is iSCSI + Target Portal. 
The Portal is either + an IP or ip_addr:port if the port + is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + nfs: + description: 'nfs represents an NFS + mount on the host that shares a pod''s + lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported + by the NFS server. More info: + https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will + force the NFS export to be mounted + with read-only permissions. Defaults + to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname + or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource + represents a reference to a PersistentVolumeClaim + in the same namespace. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name + of a PersistentVolumeClaim in + the same namespace as the pod + using this volume. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force + the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents + a PhotonController persistent disk + attached and mounted on kubelets host + machine + properties: + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". 
+ Implicitly inferred to be "ext4" + if unspecified. + type: string + pdID: + description: pdID is the ID that + identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents + a portworx volume attached and mounted + on kubelets host machine + properties: + fsType: + description: fSType represents the + filesystem type to mount Must + be a filesystem type supported + by the host operating system. + Ex. "ext4", "xfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + readOnly: + description: readOnly defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all + in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: defaultMode are the + mode bits used to set permissions + on created files by default. Must + be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. + Directories within the path are + not affected by this setting. + This might be in conflict with + other options that affect the + file mode, like fsGroup, and the + result can be other mode bits + set. + format: int32 + type: integer + sources: + description: sources is the list + of volume projections + items: + description: Projection that may + be projected along with other + supported volume types + properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. 
\n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization + of the PEM contents written + into the pod filesystem. + \ Esoteric PEM features + such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the + order over time." + properties: + labelSelector: + description: Select all + ClusterTrustBundles + that match this label + selector. Only has + effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector + that contains + values, a key, + and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents + a key's relationship + to a set of + values. Valid + operators + are In, NotIn, + Exists and + DoesNotExist. + type: string + values: + description: values + is an array + of string + values. If + the operator + is In or NotIn, + the values + array must + be non-empty. + If the operator + is Exists + or DoesNotExist, + the values + array must + be empty. + This array + is replaced + during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. 
A single + {key,value} in the + matchLabels map + is equivalent to + an element of matchExpressions, + whose key field + is "key", the operator + is "In", and the + values array contains + only "value". The + requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a + single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and + labelSelector. + type: string + optional: + description: If true, + don't block pod startup + if the referenced ClusterTrustBundle(s) + aren't available. If + using name, then the + named ClusterTrustBundle + is allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is + allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative + path from the volume + root to write the bundle. + type: string + signerName: + description: Select all + ClusterTrustBundles + that match this signer + name. Mutually-exclusive + with name. The contents + of all selected ClusterTrustBundles + will be unified and + deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information + about the configMap data + to project + properties: + items: + description: items if + unspecified, each key-value + pair in the Data field + of the referenced ConfigMap + will be projected into + the volume as a file + whose name is the key + and content is the value. + If specified, the listed + keys will be projected + into the specified paths, + and unlisted keys will + not be present. If a + key is specified which + is not present in the + ConfigMap, the volume + setup will error unless + it is marked optional. + Paths must be relative + and may not contain + the '..' path or start + with '..'. + items: + description: Maps a + string key to a path + within a volume. + properties: + key: + description: key + is the key to + project. 
+ type: string + mode: + description: 'mode + is Optional: mode + bits used to set + permissions on + this file. Must + be an octal value + between 0000 and + 0777 or a decimal + value between + 0 and 511. YAML + accepts both octal + and decimal values, + JSON requires + decimal values + for mode bits. + If not specified, + the volume defaultMode + will be used. + This might be + in conflict with + other options + that affect the + file mode, like + fsGroup, and the + result can be + other mode bits + set.' + format: int32 + type: integer + path: + description: path + is the relative + path of the file + to map the key + to. May not be + an absolute path. + May not contain + the path element + '..'. May not + start with the + string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: 'Name of + the referent. This field + is effectively required, + but due to backwards + compatibility is allowed + to be empty. Instances + of this type with an + empty value here are + almost certainly wrong. + TODO: Add other useful + fields. apiVersion, + kind, uid? More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + optional: + description: optional + specify whether the + ConfigMap or its keys + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data + to project + properties: + items: + description: Items is + a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile + represents information + to create the file + containing the pod + field + properties: + fieldRef: + description: 'Required: + Selects a field + of the pod: only + annotations, labels, + name, namespace + and uid are supported.' + properties: + apiVersion: + description: Version + of the schema + the FieldPath + is written + in terms of, + defaults to + "v1". + type: string + fieldPath: + description: Path + of the field + to select + in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: + mode bits used + to set permissions + on this file, + must be an octal + value between + 0000 and 0777 + or a decimal value + between 0 and + 511. YAML accepts + both octal and + decimal values, + JSON requires + decimal values + for mode bits. + If not specified, + the volume defaultMode + will be used. + This might be + in conflict with + other options + that affect the + file mode, like + fsGroup, and the + result can be + other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: + Path is the relative + path name of the + file to be created. + Must not be absolute + or contain the + ''..'' path. Must + be utf-8 encoded. + The first item + of the relative + path must not + start with ''..''' + type: string + resourceFieldRef: + description: 'Selects + a resource of + the container: + only resources + limits and requests + (limits.cpu, limits.memory, + requests.cpu and + requests.memory) + are currently + supported.' 
+ properties: + containerName: + description: 'Container + name: required + for volumes, + optional for + env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output + format of + the exposed + resources, + defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information + about the secret data to + project + properties: + items: + description: items if + unspecified, each key-value + pair in the Data field + of the referenced Secret + will be projected into + the volume as a file + whose name is the key + and content is the value. + If specified, the listed + keys will be projected + into the specified paths, + and unlisted keys will + not be present. If a + key is specified which + is not present in the + Secret, the volume setup + will error unless it + is marked optional. + Paths must be relative + and may not contain + the '..' path or start + with '..'. + items: + description: Maps a + string key to a path + within a volume. + properties: + key: + description: key + is the key to + project. + type: string + mode: + description: 'mode + is Optional: mode + bits used to set + permissions on + this file. Must + be an octal value + between 0000 and + 0777 or a decimal + value between + 0 and 511. YAML + accepts both octal + and decimal values, + JSON requires + decimal values + for mode bits. + If not specified, + the volume defaultMode + will be used. + This might be + in conflict with + other options + that affect the + file mode, like + fsGroup, and the + result can be + other mode bits + set.' 
+ format: int32 + type: integer + path: + description: path + is the relative + path of the file + to map the key + to. May not be + an absolute path. + May not contain + the path element + '..'. May not + start with the + string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: 'Name of + the referent. This field + is effectively required, + but due to backwards + compatibility is allowed + to be empty. Instances + of this type with an + empty value here are + almost certainly wrong. + TODO: Add other useful + fields. apiVersion, + kind, uid? More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: optional + field specify whether + the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken + is information about the + serviceAccountToken data + to project + properties: + audience: + description: audience + is the intended audience + of the token. A recipient + of a token must identify + itself with an identifier + specified in the audience + of the token, and otherwise + should reject the token. + The audience defaults + to the identifier of + the apiserver. + type: string + expirationSeconds: + description: expirationSeconds + is the requested duration + of validity of the service + account token. As the + token approaches expiration, + the kubelet volume plugin + will proactively rotate + the service account + token. The kubelet will + start trying to rotate + the token if the token + is older than 80 percent + of its time to live + or if the token is older + than 24 hours.Defaults + to 1 hour and must be + at least 10 minutes. 
+ format: int64 + type: integer + path: + description: path is the + path relative to the + mount point of the file + to project the token + into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte + mount on the host that shares a pod's + lifetime + properties: + group: + description: group to map volume + access to Default is no group + type: string + readOnly: + description: readOnly here will + force the Quobyte volume to be + mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: registry represents + a single or multiple Quobyte Registry + services specified as a string + as host:port pair (multiple entries + are separated with commas) which + acts as the central registry for + volumes + type: string + tenant: + description: tenant owning the given + Quobyte volume in the Backend + Used with dynamically provisioned + Quobyte volumes, value is set + by the plugin + type: string + user: + description: user to map volume + access to Defaults to serivceaccount + user + type: string + volume: + description: volume is a string + that references an already created + Quobyte volume by name. + type: string + required: + - registry + - volume type: object - name: - description: 'Name must be unique within - a namespace. Is required when creating - resources, although some resources - may allow a client to request the - generation of an appropriate name - automatically. Name is primarily intended - for creation idempotence and configuration - definition. Cannot be updated. More - info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: "Namespace defines the - space within each name must be unique. - An empty namespace is equivalent to - the \"default\" namespace, but \"default\" - is the canonical representation. 
Not - all objects are required to be scoped - to a namespace - the value of this - field for those objects will be empty. - \n Must be a DNS_LABEL. Cannot be - updated. More info: http://kubernetes.io/docs/user-guide/namespaces" - type: string - ownerReferences: - description: List of objects depended - by this object. If ALL objects in - the list have been deleted, this object - will be garbage collected. If this - object is managed by a controller, - then an entry in this list will point - to this controller, with the controller - field set to true. There cannot be - more than one managing controller. - items: - description: OwnerReference contains - enough information to let you identify - an owning object. An owning object - must be in the same namespace as - the dependent, or be cluster-scoped, - so there is no namespace field. - properties: - apiVersion: - description: API version of the - referent. - type: string - blockOwnerDeletion: - description: If true, AND if the - owner has the "foregroundDeletion" - finalizer, then the owner cannot - be deleted from the key-value - store until this reference is - removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector - interacts with this field and - enforces the foreground deletion. - Defaults to false. To set this - field, a user needs "delete" - permission of the owner, otherwise - 422 (Unprocessable Entity) will - be returned. - type: boolean - controller: - description: If true, this reference - points to the managing controller. - type: boolean - kind: - description: 'Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' - type: string - uid: - description: 'UID of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + rbd: + description: 'rbd represents a Rados + Block Device mount on the host that + shares a pod''s lifetime. More info: + https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem + type of the volume that you want + to mount. Tip: Ensure that the + filesystem type is supported by + the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors + in the filesystem from compromising + the machine' + type: string + image: + description: 'image is the rados + image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path + to key ring for RBDUser. Default + is /etc/ceph/keyring. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection + of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: type: string - required: - - apiVersion - - kind - - name - - uid - type: object - x-kubernetes-map-type: atomic - type: array - type: object - spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged - into the PVC that gets created from this - template. The same fields as in a PersistentVolumeClaim - are also valid here. - properties: - accessModes: - description: 'accessModes contains the - desired access modes the volume should - have. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be - used to specify either: * An existing - VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified - data source, it will create a new - volume based on the contents of the - specified data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource - contents will be copied to dataSourceRef, - and dataSourceRef contents will be - copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace - is specified, then dataSourceRef will - not be copied to dataSource.' + type: array + x-kubernetes-list-type: atomic + pool: + description: 'pool is the rados + pool name. Default is rbd. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will + force the ReadOnly setting in + VolumeMounts. Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name + of the authentication secret for + RBDUser. If provided overrides + keyring. Default is nil. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is the rados + user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO + persistent volume attached and mounted + on Kubernetes nodes. properties: - apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any other - third-party types, APIGroup is - required. + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Default is "xfs". type: string - kind: - description: Kind is the type of - resource being referenced + gateway: + description: gateway is the host + address of the ScaleIO API Gateway. type: string - name: - description: Name is the name of - resource being referenced + protectionDomain: + description: protectionDomain is + the name of the ScaleIO Protection + Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretRef: + description: secretRef references + to the secret for ScaleIO user + and other sensitive information. + If this is not provided, Login + operation will fail. + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, + default false + type: boolean + storageMode: + description: storageMode indicates + whether the storage for a volume + should be ThickProvisioned or + ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the + ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name + of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: volumeName is the name + of a volume already created in + the ScaleIO system that is associated + with this volume source. type: string required: - - kind - - name + - gateway + - secretRef + - system type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate - the volume with data, if a non-empty - volume is desired. This may be any - object from a non-empty API group - (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed if - the type of the specified object matches - some installed volume populator or - dynamic provisioner. This field will - replace the functionality of the dataSource - field and as such if both fields are - non-empty, they must have the same - value. For backwards compatibility, - when namespace isn''t specified in - dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to - the same value automatically if one - of them is empty and the other is - non-empty. 
When namespace is specified - in dataSourceRef, dataSource isn''t - set to the same value and must be - empty. There are three important differences - between dataSource and dataSourceRef: - * While dataSource only allows two - specific types of objects, dataSourceRef - allows any non-core object, as well - as PersistentVolumeClaim objects. - * While dataSource ignores disallowed - values (dropping them), dataSourceRef - preserves all values, and generates - an error if a disallowed value is - specified. * While dataSource only - allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field requires the - AnyVolumeDataSource feature gate to - be enabled. (Alpha) Using the namespace - field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature - gate to be enabled.' + secret: + description: 'secret represents a secret + that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: - apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any other - third-party types, APIGroup is - required. + defaultMode: + description: 'defaultMode is Optional: + mode bits used to set permissions + on created files by default. Must + be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. + Defaults to 0644. Directories + within the path are not affected + by this setting. This might be + in conflict with other options + that affect the file mode, like + fsGroup, and the result can be + other mode bits set.' 
+ format: int32 + type: integer + items: + description: items If unspecified, + each key-value pair in the Data + field of the referenced Secret + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, + the listed keys will be projected + into the specified paths, and + unlisted keys will not be present. + If a key is specified which is + not present in the Secret, the + volume setup will error unless + it is marked optional. Paths must + be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an + octal value between 0000 + and 0777 or a decimal value + between 0 and 511. YAML + accepts both octal and decimal + values, JSON requires decimal + values for mode bits. If + not specified, the volume + defaultMode will be used. + This might be in conflict + with other options that + affect the file mode, like + fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map + the key to. May not be an + absolute path. May not contain + the path element '..'. May + not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify + whether the Secret or its keys + must be defined + type: boolean + secretName: + description: 'secretName is the + name of the secret in the pod''s + namespace to use. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string - kind: - description: Kind is the type of - resource being referenced + type: object + storageos: + description: storageOS represents a + StorageOS volume attached and mounted + on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. type: string - name: - description: Name is the name of - resource being referenced + readOnly: + description: readOnly defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies + the secret to use for obtaining + the StorageOS API credentials. If + not specified, default values + will be attempted. + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: volumeName is the human-readable + name of the StorageOS volume. Volume + names are only unique within a + namespace. type: string - namespace: - description: Namespace is the namespace - of resource being referenced Note - that when a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent - namespace to allow that namespace's - owner to accept the reference. 
- See the ReferenceGrant documentation - for details. (Alpha) This field - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. + volumeNamespace: + description: volumeNamespace specifies + the scope of the volume within + StorageOS. If no namespace is + specified then the Pod's namespace + will be used. This allows the + Kubernetes name scoping to be + mirrored within StorageOS for + tighter integration. Set VolumeName + to any name to override the default + behaviour. Set to "default" if + you are not using namespaces within + StorageOS. Namespaces that do + not pre-exist within StorageOS + will be created. type: string - required: - - kind - - name type: object - resources: - description: 'resources represents the - minimum resources the volume should - have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed - to specify resource requirements that - are lower than previous value but - must still be higher than capacity - recorded in the status field of the - claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + volumeClaimTemplate: + description: VolumeClaimTemplate specifies + a template for volume to use by the + backup/restore executor properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the - maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + metadata: + description: May contain labels + and annotations that will be copied + into the PVC when creating it. + No other fields are allowed and + will be rejected during validation. 
+ properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is + an unstructured key value + map stored with a resource + that may be set by external + tools to store and retrieve + arbitrary metadata. They are + not queryable and should be + preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is + an optional prefix, used by + the server, to generate a + unique name ONLY IF the Name + field has not been provided. + If this field is used, the + name returned to the client + will be different than the + name passed. This value will + also be combined with a unique + suffix. The provided value + has the same validation rules + as the Name field, and may + be truncated by the length + of the suffix required to + make the value unique on the + server. \n If this field is + specified and the generated + name exists, the server will + NOT return a 409 - instead, + it will either return 201 + Created or 500 with Reason + ServerTimeout indicating a + unique name could not be found + in the time allotted, and + the client should retry (optionally + after the time indicated in + the Retry-After header). \n + Applied only if Name is not + specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + type: string + labels: + additionalProperties: + type: string + description: 'Map of string + keys and values that can be + used to organize and categorize + (scope and select) objects. + May match selectors of replication + controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique + within a namespace. Is required + when creating resources, although + some resources may allow a + client to request the generation + of an appropriate name automatically. 
+ Name is primarily intended + for creation idempotence and + configuration definition. + Cannot be updated. More info: + http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: "Namespace defines + the space within each name + must be unique. An empty namespace + is equivalent to the \"default\" + namespace, but \"default\" + is the canonical representation. + Not all objects are required + to be scoped to a namespace + - the value of this field + for those objects will be + empty. \n Must be a DNS_LABEL. + Cannot be updated. More info: + http://kubernetes.io/docs/user-guide/namespaces" + type: string + ownerReferences: + description: List of objects + depended by this object. If + ALL objects in the list have + been deleted, this object + will be garbage collected. + If this object is managed + by a controller, then an entry + in this list will point to + this controller, with the + controller field set to true. + There cannot be more than + one managing controller. + items: + description: OwnerReference + contains enough information + to let you identify an owning + object. An owning object + must be in the same namespace + as the dependent, or be + cluster-scoped, so there + is no namespace field. + properties: + apiVersion: + description: API version + of the referent. + type: string + blockOwnerDeletion: + description: If true, + AND if the owner has + the "foregroundDeletion" + finalizer, then the + owner cannot be deleted + from the key-value store + until this reference + is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage + collector interacts + with this field and + enforces the foreground + deletion. Defaults to + false. To set this field, + a user needs "delete" + permission of the owner, + otherwise 422 (Unprocessable + Entity) will be returned. 
+ type: boolean + controller: + description: If true, + this reference points + to the managing controller. + type: boolean + kind: + description: 'Kind of + the referent. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the + referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, it - defaults to Limits if that is - explicitly specified, otherwise - to an implementation-defined value. - Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + spec: + description: The specification for + the PersistentVolumeClaim. The + entire content is copied unchanged + into the PVC that gets created + from this template. The same fields + as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: 'accessModes contains + the desired access modes the + volume should have. 
More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: 'dataSource field + can be used to specify either: + * An existing VolumeSnapshot + object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external + controller can support the + specified data source, it + will create a new volume based + on the contents of the specified + data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource + contents will be copied to + dataSourceRef, and dataSourceRef + contents will be copied to + dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef + specifies the object from + which to populate the volume + with data, if a non-empty + volume is desired. This may + be any object from a non-empty + API group (non core object) + or a PersistentVolumeClaim + object. When this field is + specified, volume binding + will only succeed if the type + of the specified object matches + some installed volume populator + or dynamic provisioner. This + field will replace the functionality + of the dataSource field and + as such if both fields are + non-empty, they must have + the same value. 
For backwards + compatibility, when namespace + isn''t specified in dataSourceRef, + both fields (dataSource and + dataSourceRef) will be set + to the same value automatically + if one of them is empty and + the other is non-empty. When + namespace is specified in + dataSourceRef, dataSource + isn''t set to the same value + and must be empty. There are + three important differences + between dataSource and dataSourceRef: + * While dataSource only allows + two specific types of objects, + dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim + objects. * While dataSource + ignores disallowed values + (dropping them), dataSourceRef + preserves all values, and + generates an error if a disallowed + value is specified. * While + dataSource only allows local + objects, dataSourceRef allows + objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + namespace: + description: Namespace is + the namespace of resource + being referenced Note + that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in + the referent namespace + to allow that namespace's + owner to accept the reference. + See the ReferenceGrant + documentation for details. + (Alpha) This field requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents + the minimum resources the + volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are + allowed to specify resource + requirements that are lower + than previous value but must + still be higher than capacity + recorded in the status field + of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes + the maximum amount of + compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes + the minimum amount of + compute resources required. + If Requests is omitted + for a container, it defaults + to Limits if that is explicitly + specified, otherwise to + an implementation-defined + value. Requests cannot + exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label + query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. 
+ properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName + is the name of the StorageClass + required by the claim. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create + or update the volume with + the attributes defined in + the corresponding VolumeAttributesClass. + This has a different purpose + than storageClassName, it + can be changed after the claim + is created. An empty string + value means that no VolumeAttributesClass + will be applied to the claim + but it''s not allowed to reset + this field to empty string + once it is set. 
If unspecified + and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If + the resource referred to by + volumeAttributesClass does + not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field requires + the VolumeAttributesClass + feature gate to be enabled.' + type: string + volumeMode: + description: volumeMode defines + what type of volume is required + by the claim. Value of Filesystem + is implied when not included + in claim spec. + type: string + volumeName: + description: volumeName is the + binding reference to the PersistentVolume + backing this claim. + type: string type: object + required: + - spec type: object - selector: - description: selector is a label query - over volumes to consider for binding. + vsphereVolume: + description: vsphereVolume represents + a vSphere volume attached and mounted + on kubelets host machine properties: - matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to - a set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an - array of string values. - If the operator is In or - NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be - empty. This array is replaced - during a strategic merge - patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is the - name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create or update - the volume with the attributes defined - in the corresponding VolumeAttributesClass. - This has a different purpose than - storageClassName, it can be changed - after the claim is created. An empty - string value means that no VolumeAttributesClass - will be applied to the claim but it''s - not allowed to reset this field to - empty string once it is set. If unspecified - and the PersistentVolumeClaim is unbound, - the default VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. If the resource - referred to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending state, as - reflected by the modifyVolumeStatus - field, until such as a resource exists. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires - the VolumeAttributesClass feature - gate to be enabled.' - type: string - volumeMode: - description: volumeMode defines what - type of volume is required by the - claim. 
Value of Filesystem is implied - when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding - reference to the PersistentVolume - backing this claim. - type: string - type: object - required: - - spec - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere - volume attached and mounted on kubelets host - machine - properties: - fsType: - description: fsType is filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage - Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is the storage - Policy Based Management (SPBM) profile - name. - type: string - volumePath: - description: volumePath is the path that - identifies vSphere volume vmdk - type: string - required: - - volumePath - type: object - type: object - type: object - type: array - name: - description: Name indicates to the name of the task - type: string - params: - description: Params specifies parameters for the task. - You must provide the parameter in the Addon desired - structure. - type: object - x-kubernetes-preserve-unknown-fields: true - targetVolumes: - description: TargetVolumes specifies which volumes from - the target should be mounted in the backup/restore job/container. - properties: - volumeClaimTemplates: - description: VolumeClaimTemplates specifies a template - for the PersistentVolumeClaims that will be created - for each Pod in a StatefulSet. - items: - description: PersistentVolumeClaim is a user's request - for and claim to a persistent volume - properties: - apiVersion: - description: 'APIVersion defines the versioned - schema of this representation of an object. 
- Servers should convert recognized schemas - to the latest internal value, and may reject - unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing - the REST resource this object represents. - Servers may infer this from the endpoint the - client submits requests to. Cannot be updated. - In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: 'Standard object''s metadata. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured - key value map stored with a resource that - may be set by external tools to store - and retrieve arbitrary metadata. They - are not queryable and should be preserved - when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - generateName: - description: "GenerateName is an optional - prefix, used by the server, to generate - a unique name ONLY IF the Name field has - not been provided. If this field is used, - the name returned to the client will be - different than the name passed. This value - will also be combined with a unique suffix. - The provided value has the same validation - rules as the Name field, and may be truncated - by the length of the suffix required to - make the value unique on the server. \n - If this field is specified and the generated - name exists, the server will NOT return - a 409 - instead, it will either return - 201 Created or 500 with Reason ServerTimeout - indicating a unique name could not be - found in the time allotted, and the client - should retry (optionally after the time - indicated in the Retry-After header). 
- \n Applied only if Name is not specified. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" - type: string - labels: - additionalProperties: - type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match - selectors of replication controllers and - services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within - a namespace. Is required when creating - resources, although some resources may - allow a client to request the generation - of an appropriate name automatically. - Name is primarily intended for creation - idempotence and configuration definition. - Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: "Namespace defines the space - within each name must be unique. An empty - namespace is equivalent to the \"default\" - namespace, but \"default\" is the canonical - representation. Not all objects are required - to be scoped to a namespace - the value - of this field for those objects will be - empty. \n Must be a DNS_LABEL. Cannot - be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" - type: string - ownerReferences: - description: List of objects depended by - this object. If ALL objects in the list - have been deleted, this object will be - garbage collected. If this object is managed - by a controller, then an entry in this - list will point to this controller, with - the controller field set to true. There - cannot be more than one managing controller. - items: - description: OwnerReference contains enough - information to let you identify an owning - object. An owning object must be in - the same namespace as the dependent, - or be cluster-scoped, so there is no - namespace field. 
- properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner - has the "foregroundDeletion" finalizer, - then the owner cannot be deleted - from the key-value store until this - reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts - with this field and enforces the - foreground deletion. Defaults to - false. To set this field, a user - needs "delete" permission of the - owner, otherwise 422 (Unprocessable - Entity) will be returned. - type: boolean - controller: - description: If true, this reference - points to the managing controller. - type: boolean - kind: - description: 'Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' - type: string - uid: - description: 'UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - x-kubernetes-map-type: atomic - type: array - type: object - spec: - description: 'Spec defines the desired characteristics - of a volume requested by a pod author. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'accessModes contains the desired - access modes the volume should have. 
More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be used - to specify either: * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller - can support the specified data source, - it will create a new volume based on the - contents of the specified data source. - When the AnyVolumeDataSource feature gate - is enabled, dataSource contents will be - copied to dataSourceRef, and dataSourceRef - contents will be copied to dataSource - when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef - will not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup is the group for - the resource being referenced. If - APIGroup is not specified, the specified - Kind must be in the core API group. - For any other third-party types, APIGroup - is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name + fsType: + description: fsType is filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is + the storage Policy Based Management + (SPBM) profile ID associated with + the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is + the storage Policy Based Management + (SPBM) profile name. 
+ type: string + volumePath: + description: volumePath is the path + that identifies vSphere volume + vmdk + type: string + required: + - volumePath + type: object type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies the - object from which to populate the volume - with data, if a non-empty volume is desired. - This may be any object from a non-empty - API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed if the - type of the specified object matches some - installed volume populator or dynamic - provisioner. This field will replace the - functionality of the dataSource field - and as such if both fields are non-empty, - they must have the same value. For backwards - compatibility, when namespace isn''t specified - in dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to the - same value automatically if one of them - is empty and the other is non-empty. When - namespace is specified in dataSourceRef, - dataSource isn''t set to the same value - and must be empty. There are three important - differences between dataSource and dataSourceRef: - * While dataSource only allows two specific - types of objects, dataSourceRef allows - any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores disallowed - values (dropping them), dataSourceRef - preserves all values, and generates an - error if a disallowed value is specified. - * While dataSource only allows local objects, - dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef requires - the CrossNamespaceVolumeDataSource feature - gate to be enabled.' 
+ type: object + type: array + name: + description: Name indicates to the name of the + task + type: string + params: + description: Params specifies parameters for the + task. You must provide the parameter in the + Addon desired structure. + type: object + x-kubernetes-preserve-unknown-fields: true + targetVolumes: + description: TargetVolumes specifies which volumes + from the target should be mounted in the backup/restore + job/container. + properties: + volumeClaimTemplates: + description: VolumeClaimTemplates specifies + a template for the PersistentVolumeClaims + that will be created for each Pod in a StatefulSet. + items: + description: PersistentVolumeClaim is a + user's request for and claim to a persistent + volume properties: - apiGroup: - description: APIGroup is the group for - the resource being referenced. If - APIGroup is not specified, the specified - Kind must be in the core API group. - For any other third-party types, APIGroup - is required. + apiVersion: + description: 'APIVersion defines the + versioned schema of this representation + of an object. Servers should convert + recognized schemas to the latest internal + value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced + description: 'Kind is a string value + representing the REST resource this + object represents. Servers may infer + this from the endpoint the client + submits requests to. Cannot be updated. + In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string - namespace: - description: Namespace is the namespace - of resource being referenced Note - that when a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent - namespace to allow that namespace's - owner to accept the reference. See - the ReferenceGrant documentation for - details. (Alpha) This field requires - the CrossNamespaceVolumeDataSource - feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents the minimum - resources the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to - specify resource requirements that are - lower than previous value but must still - be higher than capacity recorded in the - status field of the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the - minimum amount of compute resources - required. If Requests is omitted for - a container, it defaults to Limits - if that is explicitly specified, otherwise - to an implementation-defined value. - Requests cannot exceed Limits. 
More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label query over - volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. + metadata: + description: 'Standard object''s metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: 'Annotations is an + unstructured key value map stored + with a resource that may be set + by external tools to store and + retrieve arbitrary metadata. They + are not queryable and should be + preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is an + optional prefix, used by the server, + to generate a unique name ONLY + IF the Name field has not been + provided. If this field is used, + the name returned to the client + will be different than the name + passed. This value will also be + combined with a unique suffix. + The provided value has the same + validation rules as the Name field, + and may be truncated by the length + of the suffix required to make + the value unique on the server. 
+ \n If this field is specified + and the generated name exists, + the server will NOT return a 409 + - instead, it will either return + 201 Created or 500 with Reason + ServerTimeout indicating a unique + name could not be found in the + time allotted, and the client + should retry (optionally after + the time indicated in the Retry-After + header). \n Applied only if Name + is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + type: string + labels: + additionalProperties: type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: + description: 'Map of string keys + and values that can be used to + organize and categorize (scope + and select) objects. May match + selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique + within a namespace. Is required + when creating resources, although + some resources may allow a client + to request the generation of an + appropriate name automatically. + Name is primarily intended for + creation idempotence and configuration + definition. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: "Namespace defines + the space within each name must + be unique. An empty namespace + is equivalent to the \"default\" + namespace, but \"default\" is + the canonical representation. + Not all objects are required to + be scoped to a namespace - the + value of this field for those + objects will be empty. \n Must + be a DNS_LABEL. Cannot be updated. 
+ More info: http://kubernetes.io/docs/user-guide/namespaces" + type: string + ownerReferences: + description: List of objects depended + by this object. If ALL objects + in the list have been deleted, + this object will be garbage collected. + If this object is managed by a + controller, then an entry in this + list will point to this controller, + with the controller field set + to true. There cannot be more + than one managing controller. + items: + description: OwnerReference contains + enough information to let you + identify an owning object. An + owning object must be in the + same namespace as the dependent, + or be cluster-scoped, so there + is no namespace field. + properties: + apiVersion: + description: API version of + the referent. + type: string + blockOwnerDeletion: + description: If true, AND + if the owner has the "foregroundDeletion" + finalizer, then the owner + cannot be deleted from the + key-value store until this + reference is removed. See + https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector + interacts with this field + and enforces the foreground + deletion. Defaults to false. + To set this field, a user + needs "delete" permission + of the owner, otherwise + 422 (Unprocessable Entity) + will be returned. + type: boolean + controller: + description: If true, this + reference points to the + managing controller. + type: boolean + kind: + description: 'Kind of the + referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the + referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + description: 'Spec defines the desired + characteristics of a volume requested + by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains + the desired access modes the volume + should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: 'dataSource field can + be used to specify either: * An + existing VolumeSnapshot object + (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external + controller can support the specified + data source, it will create a + new volume based on the contents + of the specified data source. + When the AnyVolumeDataSource feature + gate is enabled, dataSource contents + will be copied to dataSourceRef, + and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace + is specified, then dataSourceRef + will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the + group for the resource being + referenced. If APIGroup is + not specified, the specified + Kind must be in the core API + group. For any other third-party + types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies + the object from which to populate + the volume with data, if a non-empty + volume is desired. This may be + any object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, + volume binding will only succeed + if the type of the specified object + matches some installed volume + populator or dynamic provisioner. + This field will replace the functionality + of the dataSource field and as + such if both fields are non-empty, + they must have the same value. + For backwards compatibility, when + namespace isn''t specified in + dataSourceRef, both fields (dataSource + and dataSourceRef) will be set + to the same value automatically + if one of them is empty and the + other is non-empty. When namespace + is specified in dataSourceRef, + dataSource isn''t set to the same + value and must be empty. There + are three important differences + between dataSource and dataSourceRef: + * While dataSource only allows + two specific types of objects, + dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim + objects. * While dataSource ignores + disallowed values (dropping them), + dataSourceRef preserves all values, + and generates an error if a disallowed + value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled. (Alpha) Using + the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' 
+ properties: + apiGroup: + description: APIGroup is the + group for the resource being + referenced. If APIGroup is + not specified, the specified + Kind must be in the core API + group. For any other third-party + types, APIGroup is required. type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is the name - of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, the - CSI driver will create or update the volume - with the attributes defined in the corresponding - VolumeAttributesClass. This has a different - purpose than storageClassName, it can - be changed after the claim is created. - An empty string value means that no VolumeAttributesClass - will be applied to the claim but it''s - not allowed to reset this field to empty - string once it is set. If unspecified - and the PersistentVolumeClaim is unbound, - the default VolumeAttributesClass will - be set by the persistentvolume controller - if it exists. If the resource referred - to by volumeAttributesClass does not exist, - this PersistentVolumeClaim will be set - to a Pending state, as reflected by the - modifyVolumeStatus field, until such as - a resource exists. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the - VolumeAttributesClass feature gate to - be enabled.' - type: string - volumeMode: - description: volumeMode defines what type - of volume is required by the claim. Value - of Filesystem is implied when not included - in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - status: - description: 'Status represents the current - information/status of a persistent volume - claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'accessModes contains the actual - access modes the volume backing the PVC - has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - allocatedResourceStatuses: - additionalProperties: - description: When a controller receives - persistentvolume claim update with ClaimResourceStatus - for a resource that it does not recognizes, - then it should ignore that update and - let other controllers handle it. - type: string - description: "allocatedResourceStatuses - stores status of resource being resized - for the given PVC. Key names follow standard - Kubernetes label syntax. Valid values - are either: * Un-prefixed keys: - storage - - the capacity of the volume. * Custom - resources must use implementation-defined - prefixed names such as \"example.com/my-custom-resource\" - Apart from above values - keys that are - unprefixed or have kubernetes.io prefix - are considered reserved and hence may - not be used. \n ClaimResourceStatus can - be in any of following states: - ControllerResizeInProgress: - State set when resize controller starts - resizing the volume in control-plane. 
- - ControllerResizeFailed: State set when - resize has failed in resize controller - with a terminal error. - NodeResizePending: - State set when resize controller has finished - resizing the volume but further resizing - of volume is needed on the node. - NodeResizeInProgress: - State set when kubelet starts resizing - the volume. - NodeResizeFailed: State - set when resizing has failed in kubelet - with a terminal error. Transient errors - don't set NodeResizeFailed. For example: - if expanding a PVC for more capacity - - this field can be one of the following - states: - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeFailed\" When this field - is not set, it means that no resize operation - is in progress for the given PVC. \n A - controller that receives PVC update with - previously unknown resourceName or ClaimResourceStatus - should ignore the update for the purpose - it was designed. For example - a controller - that only is responsible for resizing - capacity of the volume, should ignore - PVC updates that change other valid resources - associated with PVC. \n This is an alpha - field and requires enabling RecoverVolumeExpansionFailure - feature." - type: object - x-kubernetes-map-type: granular - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "allocatedResources tracks - the resources allocated to a PVC including - its capacity. Key names follow standard - Kubernetes label syntax. 
Valid values - are either: * Un-prefixed keys: - storage - - the capacity of the volume. * Custom - resources must use implementation-defined - prefixed names such as \"example.com/my-custom-resource\" - Apart from above values - keys that are - unprefixed or have kubernetes.io prefix - are considered reserved and hence may - not be used. \n Capacity reported here - may be larger than the actual capacity - when a volume expansion operation is requested. - For storage quota, the larger value from - allocatedResources and PVC.spec.resources - is used. If allocatedResources is not - set, PVC.spec.resources alone is used - for quota calculation. If a volume expansion - capacity request is lowered, allocatedResources - is only lowered if there are no expansion - operations in progress and if the actual - volume capacity is equal or lower than - the requested capacity. \n A controller - that receives PVC update with previously - unknown resourceName should ignore the - update for the purpose it was designed. - For example - a controller that only is - responsible for resizing capacity of the - volume, should ignore PVC updates that - change other valid resources associated - with PVC. \n This is an alpha field and - requires enabling RecoverVolumeExpansionFailure - feature." - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: capacity represents the actual - resources of the underlying volume. - type: object - conditions: - description: conditions is the current Condition - of persistent volume claim. If underlying - persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. 
- items: - description: PersistentVolumeClaimCondition - contains details about state of pvc - properties: - lastProbeTime: - description: lastProbeTime is the - time we probed the condition. - format: date-time - type: string - lastTransitionTime: - description: lastTransitionTime is - the time the condition transitioned - from one status to another. - format: date-time - type: string - message: - description: message is the human-readable - message indicating details about - last transition. - type: string - reason: - description: reason is a unique, this - should be a short, machine understandable - string that gives the reason for - condition's last transition. If - it reports "ResizeStarted" that - means the underlying persistent - volume is being resized. - type: string - status: - type: string - type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type - type: string - required: - - status - - type - type: object - type: array - currentVolumeAttributesClassName: - description: currentVolumeAttributesClassName - is the current name of the VolumeAttributesClass - the PVC is using. When unset, there is - no VolumeAttributeClass applied to this - PersistentVolumeClaim This is an alpha - field and requires enabling VolumeAttributesClass - feature. - type: string - modifyVolumeStatus: - description: ModifyVolumeStatus represents - the status object of ControllerModifyVolume - operation. When this is unset, there is - no ModifyVolume operation being attempted. - This is an alpha field and requires enabling - VolumeAttributesClass feature. 
- properties: + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + namespace: + description: Namespace is the + namespace of resource being + referenced Note that when + a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferenceGrant documentation + for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents + the minimum resources the volume + should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed + to specify resource requirements + that are lower than previous value + but must still be higher than + capacity recorded in the status + field of the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes + the maximum amount of compute + resources allowed. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes + the minimum amount of compute + resources required. 
If Requests + is omitted for a container, + it defaults to Limits if that + is explicitly specified, otherwise + to an implementation-defined + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label + query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is + the name of the StorageClass required + by the claim. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the VolumeAttributesClass + used by this claim. If specified, + the CSI driver will create or + update the volume with the attributes + defined in the corresponding VolumeAttributesClass. + This has a different purpose than + storageClassName, it can be changed + after the claim is created. An + empty string value means that + no VolumeAttributesClass will + be applied to the claim but it''s + not allowed to reset this field + to empty string once it is set. + If unspecified and the PersistentVolumeClaim + is unbound, the default VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. If the + resource referred to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending state, + as reflected by the modifyVolumeStatus + field, until such as a resource + exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field requires + the VolumeAttributesClass feature + gate to be enabled.' + type: string + volumeMode: + description: volumeMode defines + what type of volume is required + by the claim. Value of Filesystem + is implied when not included in + claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object status: - description: 'status is the status of - the ControllerModifyVolume operation. - It can be in any of following states: - - Pending Pending indicates that the - PersistentVolumeClaim cannot be modified - due to unmet requirements, such as - the specified VolumeAttributesClass - not existing. - InProgress InProgress - indicates that the volume is being - modified. 
- Infeasible Infeasible - indicates that the request has been - rejected as invalid by the CSI driver. - To resolve the error, a valid VolumeAttributesClass - needs to be specified. Note: New statuses - can be added in the future. Consumers - should check for unknown statuses - and fail appropriately.' - type: string - targetVolumeAttributesClassName: - description: targetVolumeAttributesClassName - is the name of the VolumeAttributesClass - the PVC currently being reconciled - type: string - required: - - status - type: object - phase: - description: phase represents the current - phase of PersistentVolumeClaim. - type: string - type: object - type: object - type: array - volumeMounts: - description: VolumeMounts specifies the mount for - the volumes specified in `Volumes` section - items: - description: VolumeMount describes a mounting of - a Volume within a container. - properties: - mountPath: - description: Path within the container at which - the volume should be mounted. Must not contain - ':'. - type: string - mountPropagation: - description: mountPropagation determines how - mounts are propagated from the host to container - and the other way around. When not set, MountPropagationNone - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write - otherwise (false or unspecified). Defaults - to false. - type: boolean - subPath: - description: Path within the volume from which - the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume - from which the container's volume should be - mounted. Behaves similarly to SubPath but - environment variable references $(VAR_NAME) - are expanded using the container's environment. - Defaults to "" (volume's root). SubPathExpr - and SubPath are mutually exclusive. 
- type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: Volumes indicates the list of volumes - of targeted application that should be mounted on - the backup/restore job. - items: - description: Volume represents a named volume in - a pod that may be accessed by any container in - the pod. - properties: - awsElasticBlockStore: - description: 'awsElasticBlockStore represents - an AWS Disk resource that is attached to a - kubelet''s host machine and then exposed to - the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount by - volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, - the volume partition for /dev/sda is "0" - (or you can leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'readOnly value true will force - the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'volumeID is unique ID of the - persistent disk resource in AWS (Amazon - EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure Data - Disk mount on the host and bind mount to the - pod. 
- properties: - cachingMode: - description: 'cachingMode is the Host Caching - mode: None, Read Only, Read Write.' - type: string - diskName: - description: diskName is the Name of the - data disk in the blob storage - type: string - diskURI: - description: diskURI is the URI of data - disk in the blob storage - type: string - fsType: - description: fsType is Filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. - type: string - kind: - description: 'kind expected values are Shared: - multiple blob disks per storage account Dedicated: - single blob disk per storage account Managed: - azure managed data disk (only in managed - availability set). defaults to shared' - type: string - readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure File - Service mount on the host and bind mount to - the pod. - properties: - readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. 
- type: boolean - secretName: - description: secretName is the name of - secret that contains Azure Storage Account - Name and Key - type: string - shareName: - description: shareName is the azure share - Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph FS mount - on the host that shares a pod's lifetime - properties: - monitors: - description: 'monitors is Required: Monitors - is a collection of Ceph monitors More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: - description: 'path is Optional: Used as - the mounted root, rather than the full - Ceph tree, default is /' - type: string - readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'secretFile is Optional: SecretFile - is the path to key ring for User, default - is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'secretRef is Optional: SecretRef - is reference to the authentication secret - for User, default is empty. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is optional: User is - the rados user name, default is admin - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'cinder represents a cinder volume - attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'secretRef is optional: points - to a secret object containing parameters - used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string + description: 'Status represents the + current information/status of a persistent + volume claim. Read-only. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains + the actual access modes the volume + backing the PVC has. 
More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + x-kubernetes-list-type: atomic + allocatedResourceStatuses: + additionalProperties: + description: When a controller + receives persistentvolume claim + update with ClaimResourceStatus + for a resource that it does + not recognizes, then it should + ignore that update and let other + controllers handle it. + type: string + description: "allocatedResourceStatuses + stores status of resource being + resized for the given PVC. Key + names follow standard Kubernetes + label syntax. Valid values are + either: * Un-prefixed keys: - + storage - the capacity of the + volume. * Custom resources must + use implementation-defined prefixed + names such as \"example.com/my-custom-resource\" + Apart from above values - keys + that are unprefixed or have kubernetes.io + prefix are considered reserved + and hence may not be used. \n + ClaimResourceStatus can be in + any of following states: - ControllerResizeInProgress: + State set when resize controller + starts resizing the volume in + control-plane. - ControllerResizeFailed: + State set when resize has failed + in resize controller with a terminal + error. - NodeResizePending: State + set when resize controller has + finished resizing the volume but + further resizing of volume is + needed on the node. - NodeResizeInProgress: + State set when kubelet starts + resizing the volume. - NodeResizeFailed: + State set when resizing has failed + in kubelet with a terminal error. + Transient errors don't set NodeResizeFailed. 
+ For example: if expanding a PVC + for more capacity - this field + can be one of the following states: + - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\" + - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\" - + pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\" When this + field is not set, it means that + no resize operation is in progress + for the given PVC. \n A controller + that receives PVC update with + previously unknown resourceName + or ClaimResourceStatus should + ignore the update for the purpose + it was designed. For example - + a controller that only is responsible + for resizing capacity of the volume, + should ignore PVC updates that + change other valid resources associated + with PVC. \n This is an alpha + field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources + tracks the resources allocated + to a PVC including its capacity. + Key names follow standard Kubernetes + label syntax. Valid values are + either: * Un-prefixed keys: - + storage - the capacity of the + volume. * Custom resources must + use implementation-defined prefixed + names such as \"example.com/my-custom-resource\" + Apart from above values - keys + that are unprefixed or have kubernetes.io + prefix are considered reserved + and hence may not be used. \n + Capacity reported here may be + larger than the actual capacity + when a volume expansion operation + is requested. 
For storage quota, + the larger value from allocatedResources + and PVC.spec.resources is used. + If allocatedResources is not set, + PVC.spec.resources alone is used + for quota calculation. If a volume + expansion capacity request is + lowered, allocatedResources is + only lowered if there are no expansion + operations in progress and if + the actual volume capacity is + equal or lower than the requested + capacity. \n A controller that + receives PVC update with previously + unknown resourceName should ignore + the update for the purpose it + was designed. For example - a + controller that only is responsible + for resizing capacity of the volume, + should ignore PVC updates that + change other valid resources associated + with PVC. \n This is an alpha + field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents + the actual resources of the underlying + volume. + type: object + conditions: + description: conditions is the current + Condition of persistent volume + claim. If underlying persistent + volume is being resized then the + Condition will be set to 'Resizing'. + items: + description: PersistentVolumeClaimCondition + contains details about state + of pvc + properties: + lastProbeTime: + description: lastProbeTime + is the time we probed the + condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime + is the time the condition + transitioned from one status + to another. + format: date-time + type: string + message: + description: message is the + human-readable message indicating + details about last transition. 
+ type: string + reason: + description: reason is a unique, + this should be a short, + machine understandable string + that gives the reason for + condition's last transition. + If it reports "Resizing" + that means the underlying + persistent volume is being + resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentVolumeAttributesClassName: + description: currentVolumeAttributesClassName + is the current name of the VolumeAttributesClass + the PVC is using. When unset, + there is no VolumeAttributeClass + applied to this PersistentVolumeClaim + This is an alpha field and requires + enabling VolumeAttributesClass + feature. + type: string + modifyVolumeStatus: + description: ModifyVolumeStatus + represents the status object of + ControllerModifyVolume operation. + When this is unset, there is no + ModifyVolume operation being attempted. + This is an alpha field and requires + enabling VolumeAttributesClass + feature. + properties: + status: + description: 'status is the + status of the ControllerModifyVolume + operation. It can be in any + of following states: - Pending + Pending indicates that the + PersistentVolumeClaim cannot + be modified due to unmet requirements, + such as the specified VolumeAttributesClass + not existing. - InProgress + InProgress indicates that + the volume is being modified. + - Infeasible Infeasible indicates + that the request has been + rejected as invalid by the + CSI driver. To resolve the + error, a valid VolumeAttributesClass + needs to be specified. Note: + New statuses can be added + in the future. Consumers should + check for unknown statuses + and fail appropriately.' 
+ type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName + is the name of the VolumeAttributesClass + the PVC currently being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the + current phase of PersistentVolumeClaim. + type: string + type: object type: object - x-kubernetes-map-type: atomic - volumeID: - description: 'volumeID used to identify - the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap - that should populate this volume - properties: - defaultMode: - description: 'defaultMode is optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' - format: int32 - type: integer + type: array + volumeMounts: + description: VolumeMounts specifies the mount + for the volumes specified in `Volumes` section items: - description: items if unspecified, each - key-value pair in the Data field of the - referenced ConfigMap will be projected - into the volume as a file whose name is - the key and content is the value. If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the ConfigMap, - the volume setup will error unless it - is marked optional. Paths must be relative - and may not contain the '..' path or start - with '..'. - items: - description: Maps a string key to a path - within a volume. 
- properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode - bits used to set permissions on - this file. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' - format: int32 - type: integer - path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: optional specify whether the - ConfigMap or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) - represents ephemeral storage that is handled - by certain external CSI drivers (Beta feature). - properties: - driver: - description: driver is the name of the CSI - driver that handles this volume. Consult - with your admin for the correct name as - registered in the cluster. - type: string - fsType: - description: fsType to mount. Ex. "ext4", - "xfs", "ntfs". If not provided, the empty - value is passed to the associated CSI - driver which will determine the default - filesystem to apply. 
- type: string - nodePublishSecretRef: - description: nodePublishSecretRef is a reference - to the secret object containing sensitive - information to pass to the CSI driver - to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field - is optional, and may be empty if no secret - is required. If the secret object contains - more than one secret, all secret references - are passed. + description: VolumeMount describes a mounting + of a Volume within a container. properties: + mountPath: + description: Path within the container + at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines + how mounts are propagated from the + host to container and the other way + around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible + or to Enabled, MountPropagation must + be None or unspecified (which defaults + to None). + type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + description: This must match the Name + of a Volume. type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: readOnly specifies a read-only - configuration for the volume. Defaults - to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: volumeAttributes stores driver-specific - properties that are passed to the CSI - driver. Consult your driver's documentation - for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward - API about the pod that should populate this - volume - properties: - defaultMode: - description: 'Optional: mode bits to use - on created files by default. 
Must be a - Optional: mode bits used to set permissions - on created files by default. Must be an - octal value between 0000 and 0777 or a - decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. Defaults to 0644. Directories within - the path are not affected by this setting. - This might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set.' - format: int32 - type: integer + readOnly: + description: Mounted read-only if true, + read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: "RecursiveReadOnly specifies + whether read-only mounts should be + handled recursively. \n If ReadOnly + is false, this field has no meaning + and must be unspecified. \n If ReadOnly + is true, and this field is set to + Disabled, the mount is not made recursively + read-only. If this field is set to + IfPossible, the mount is made recursively + read-only, if it is supported by the + container runtime. If this field + is set to Enabled, the mount is made + recursively read-only if it is supported + by the container runtime, otherwise + the pod will not be started and an + error will be generated to indicate + the reason. \n If this field is set + to IfPossible or Enabled, MountPropagation + must be set to None (or be unspecified, + which defaults to None). \n If this + field is not specified, it is treated + as an equivalent of Disabled." + type: string + subPath: + description: Path within the volume + from which the container's volume + should be mounted. Defaults to "" + (volume's root). + type: string + subPathExpr: + description: Expanded path within the + volume from which the container's + volume should be mounted. Behaves + similarly to SubPath but environment + variable references $(VAR_NAME) are + expanded using the container's environment. + Defaults to "" (volume's root). 
SubPathExpr + and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes indicates the list of + volumes of targeted application that should + be mounted on the backup/restore job. items: - description: Items is a list of downward - API volume file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a - field of the pod: only annotations, - labels, name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field - to select in the specified API - version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits - used to set permissions on this - file, must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute - or contain the ''..'' path. Must - be utf-8 encoded. The first item - of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' 
- properties: - containerName: - description: 'Container name: - required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - description: 'emptyDir represents a temporary - directory that shares a pod''s lifetime. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'medium represents what type - of storage medium should back this directory. - The default is "" which means to use the - node''s default medium. Must be an empty - string (default) or Memory. More info: - https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: 'sizeLimit is the total amount - of local storage required for this EmptyDir - volume. The size limit is also applicable - for memory medium. The maximum usage on - memory medium EmptyDir would be the minimum - value between the SizeLimit specified - here and the sum of memory limits of all - containers in a pod. The default is nil - which means that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: "ephemeral represents a volume - that is handled by a cluster storage driver. 
- The volume's lifecycle is tied to the pod - that defines it - it will be created before - the pod starts, and deleted when the pod is - removed. \n Use this if: a) the volume is - only needed while the pod runs, b) features - of normal volumes like restoring from snapshot - or capacity tracking are needed, c) the storage - driver is specified through a storage class, - and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information - on the connection between this volume type - and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes - that persist for longer than the lifecycle - of an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation - of the driver for more information. \n A pod - can use both types of ephemeral volumes and - persistent volumes at the same time." - properties: - volumeClaimTemplate: - description: "Will be used to create a stand-alone - PVC to provision the volume. The pod in - which this EphemeralVolumeSource is embedded - will be the owner of the PVC, i.e. the - PVC will be deleted together with the - pod. The name of the PVC will be `-` where `` - is the name from the `PodSpec.Volumes` - array entry. Pod validation will reject - the pod if the concatenated name is not - valid for a PVC (for example, too long). - \n An existing PVC with that name that - is not owned by the pod will *not* be - used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is - then blocked until the unrelated PVC is - removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has - to updated with an owner reference to - the pod once the pod exists. Normally - this should not be necessary, but it may - be useful when manually reconstructing - a broken cluster. 
\n This field is read-only - and no changes will be made by Kubernetes - to the PVC after it has been created. - \n Required, must not be nil." + description: Volume represents a named volume + in a pod that may be accessed by any container + in the pod. properties: - metadata: - description: May contain labels and - annotations that will be copied into - the PVC when creating it. No other - fields are allowed and will be rejected - during validation. + awsElasticBlockStore: + description: 'awsElasticBlockStore represents + an AWS Disk resource that is attached + to a kubelet''s host machine and then + exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem + type of the volume that you want + to mount. Tip: Ensure that the + filesystem type is supported by + the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors + in the filesystem from compromising + the machine' + type: string + partition: + description: 'partition is the partition + in the volume that you want to + mount. If omitted, the default + is to mount by volume name. Examples: + For volume /dev/sda1, you specify + the partition as "1". Similarly, + the volume partition for /dev/sda + is "0" (or you can leave the property + empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true + will force the readOnly setting + in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique + ID of the persistent disk resource + in AWS (Amazon EBS volume). 
More + info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an + Azure Data Disk mount on the host + and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the + Host Caching mode: None, Read + Only, Read Write.' + type: string + diskName: + description: diskName is the Name + of the data disk in the blob storage + type: string + diskURI: + description: diskURI is the URI + of data disk in the blob storage + type: string + fsType: + description: fsType is Filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. + type: string + kind: + description: 'kind expected values + are Shared: multiple blob disks + per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only + in managed availability set). + defaults to shared' + type: string + readOnly: + description: readOnly Defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an + Azure File Service mount on the host + and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name + of secret that contains Azure + Storage Account Name and Key + type: string + shareName: + description: shareName is the azure + share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph + FS mount on the host that shares a + pod's lifetime + properties: + monitors: + description: 'monitors is Required: + Monitors is a collection of Ceph + monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: + Used as the mounted root, rather + than the full Ceph tree, default + is /' + type: string + readOnly: + description: 'readOnly is Optional: + Defaults to false (read/write). + ReadOnly here will force the ReadOnly + setting in VolumeMounts. More + info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: + SecretFile is the path to key + ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: + SecretRef is reference to the + authentication secret for User, + default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: + User is the rados user name, default + is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder + volume attached and mounted on kubelets + host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Examples: "ext4", "xfs", + "ntfs". Implicitly inferred to + be "ext4" if unspecified. More + info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults + to false (read/write). ReadOnly + here will force the ReadOnly setting + in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: + points to a secret object containing + parameters used to connect to + OpenStack.' + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify + the volume in cinder. More info: + https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a + configMap that should populate this + volume properties: - annotations: + defaultMode: + description: 'defaultMode is optional: + mode bits used to set permissions + on created files by default. Must + be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. + Defaults to 0644. Directories + within the path are not affected + by this setting. This might be + in conflict with other options + that affect the file mode, like + fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, + each key-value pair in the Data + field of the referenced ConfigMap + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, + the listed keys will be projected + into the specified paths, and + unlisted keys will not be present. + If a key is specified which is + not present in the ConfigMap, + the volume setup will error unless + it is marked optional. Paths must + be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an + octal value between 0000 + and 0777 or a decimal value + between 0 and 511. YAML + accepts both octal and decimal + values, JSON requires decimal + values for mode bits. If + not specified, the volume + defaultMode will be used. 
+ This might be in conflict + with other options that + affect the file mode, like + fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative + path of the file to map + the key to. May not be an + absolute path. May not contain + the path element '..'. May + not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t need + it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage + Interface) represents ephemeral storage + that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: driver is the name + of the CSI driver that handles + this volume. Consult with your + admin for the correct name as + registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. + "ext4", "xfs", "ntfs". If not + provided, the empty value is passed + to the associated CSI driver which + will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef + is a reference to the secret object + containing sensitive information + to pass to the CSI driver to complete + the CSI NodePublishVolume and + NodeUnpublishVolume calls. 
This + field is optional, and may be + empty if no secret is required. + If the secret object contains + more than one secret, all secret + references are passed. + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: readOnly specifies + a read-only configuration for + the volume. Defaults to false + (read/write). + type: boolean + volumeAttributes: additionalProperties: type: string - description: 'Annotations is an - unstructured key value map stored - with a resource that may be set - by external tools to store and - retrieve arbitrary metadata. They - are not queryable and should be - preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' + description: volumeAttributes stores + driver-specific properties that + are passed to the CSI driver. + Consult your driver's documentation + for supported values. type: object - generateName: - description: "GenerateName is an - optional prefix, used by the server, - to generate a unique name ONLY - IF the Name field has not been - provided. If this field is used, - the name returned to the client - will be different than the name - passed. This value will also be - combined with a unique suffix. - The provided value has the same - validation rules as the Name field, - and may be truncated by the length - of the suffix required to make - the value unique on the server. 
- \n If this field is specified - and the generated name exists, - the server will NOT return a 409 - - instead, it will either return - 201 Created or 500 with Reason - ServerTimeout indicating a unique - name could not be found in the - time allotted, and the client - should retry (optionally after - the time indicated in the Retry-After - header). \n Applied only if Name - is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents + downward API about the pod that should + populate this volume + properties: + defaultMode: + description: 'Optional: mode bits + to use on created files by default. + Must be a Optional: mode bits + used to set permissions on created + files by default. Must be an octal + value between 0000 and 0777 or + a decimal value between 0 and + 511. YAML accepts both octal and + decimal values, JSON requires + decimal values for mode bits. + Defaults to 0644. Directories + within the path are not affected + by this setting. This might be + in conflict with other options + that affect the file mode, like + fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of + downward API volume file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod + field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only + annotations, labels, name, + namespace and uid are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode + bits used to set permissions + on this file, must be an + octal value between 0000 + and 0777 or a decimal value + between 0 and 511. YAML + accepts both octal and decimal + values, JSON requires decimal + values for mode bits. If + not specified, the volume + defaultMode will be used. + This might be in conflict + with other options that + affect the file mode, like + fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or + contain the ''..'' path. + Must be utf-8 encoded. The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource + of the container: only resources + limits and requests (limits.cpu, + limits.memory, requests.cpu + and requests.memory) are + currently supported.' + properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output format of + the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: 'emptyDir represents a + temporary directory that shares a + pod''s lifetime. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents + what type of storage medium should + back this directory. The default + is "" which means to use the node''s + default medium. Must be an empty + string (default) or Memory. More + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string - labels: - additionalProperties: - type: string - description: 'Map of string keys - and values that can be used to - organize and categorize (scope - and select) objects. May match - selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total + amount of local storage required + for this EmptyDir volume. The + size limit is also applicable + for memory medium. The maximum + usage on memory medium EmptyDir + would be the minimum value between + the SizeLimit specified here and + the sum of memory limits of all + containers in a pod. The default + is nil which means that the limit + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a + volume that is handled by a cluster + storage driver. The volume's lifecycle + is tied to the pod that defines it + - it will be created before the pod + starts, and deleted when the pod is + removed. 
\n Use this if: a) the volume + is only needed while the pod runs, + b) features of normal volumes like + restoring from snapshot or capacity + tracking are needed, c) the storage + driver is specified through a storage + class, and d) the storage driver supports + dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection + between this volume type and PersistentVolumeClaim). + \n Use PersistentVolumeClaim or one + of the vendor-specific APIs for volumes + that persist for longer than the lifecycle + of an individual pod. \n Use CSI for + light-weight local ephemeral volumes + if the CSI driver is meant to be used + that way - see the documentation of + the driver for more information. \n + A pod can use both types of ephemeral + volumes and persistent volumes at + the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create + a stand-alone PVC to provision + the volume. The pod in which this + EphemeralVolumeSource is embedded + will be the owner of the PVC, + i.e. the PVC will be deleted together + with the pod. The name of the + PVC will be `-` where `` is + the name from the `PodSpec.Volumes` + array entry. Pod validation will + reject the pod if the concatenated + name is not valid for a PVC (for + example, too long). \n An existing + PVC with that name that is not + owned by the pod will *not* be + used for the pod to avoid using + an unrelated volume by mistake. + Starting the pod is then blocked + until the unrelated PVC is removed. + If such a pre-created PVC is meant + to be used by the pod, the PVC + has to updated with an owner reference + to the pod once the pod exists. + Normally this should not be necessary, + but it may be useful when manually + reconstructing a broken cluster. + \n This field is read-only and + no changes will be made by Kubernetes + to the PVC after it has been created. + \n Required, must not be nil." 
+ properties: + metadata: + description: May contain labels + and annotations that will + be copied into the PVC when + creating it. No other fields + are allowed and will be rejected + during validation. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations + is an unstructured key + value map stored with + a resource that may be + set by external tools + to store and retrieve + arbitrary metadata. They + are not queryable and + should be preserved when + modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName + is an optional prefix, + used by the server, to + generate a unique name + ONLY IF the Name field + has not been provided. + If this field is used, + the name returned to the + client will be different + than the name passed. + This value will also be + combined with a unique + suffix. The provided value + has the same validation + rules as the Name field, + and may be truncated by + the length of the suffix + required to make the value + unique on the server. + \n If this field is specified + and the generated name + exists, the server will + NOT return a 409 - instead, + it will either return + 201 Created or 500 with + Reason ServerTimeout indicating + a unique name could not + be found in the time allotted, + and the client should + retry (optionally after + the time indicated in + the Retry-After header). + \n Applied only if Name + is not specified. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + type: string + labels: + additionalProperties: + type: string + description: 'Map of string + keys and values that can + be used to organize and + categorize (scope and + select) objects. May match + selectors of replication + controllers and services. 
+ More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must + be unique within a namespace. + Is required when creating + resources, although some + resources may allow a + client to request the + generation of an appropriate + name automatically. Name + is primarily intended + for creation idempotence + and configuration definition. + Cannot be updated. More + info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: "Namespace + defines the space within + each name must be unique. + An empty namespace is + equivalent to the \"default\" + namespace, but \"default\" + is the canonical representation. + Not all objects are required + to be scoped to a namespace + - the value of this field + for those objects will + be empty. \n Must be a + DNS_LABEL. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces" + type: string + ownerReferences: + description: List of objects + depended by this object. + If ALL objects in the + list have been deleted, + this object will be garbage + collected. If this object + is managed by a controller, + then an entry in this + list will point to this + controller, with the controller + field set to true. There + cannot be more than one + managing controller. + items: + description: OwnerReference + contains enough information + to let you identify + an owning object. An + owning object must be + in the same namespace + as the dependent, or + be cluster-scoped, so + there is no namespace + field. + properties: + apiVersion: + description: API version + of the referent. + type: string + blockOwnerDeletion: + description: If true, + AND if the owner + has the "foregroundDeletion" + finalizer, then + the owner cannot + be deleted from + the key-value store + until this reference + is removed. 
See + https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage + collector interacts + with this field + and enforces the + foreground deletion. + Defaults to false. + To set this field, + a user needs "delete" + permission of the + owner, otherwise + 422 (Unprocessable + Entity) will be + returned. + type: boolean + controller: + description: If true, + this reference points + to the managing + controller. + type: boolean + kind: + description: 'Kind + of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID + of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + spec: + description: The specification + for the PersistentVolumeClaim. + The entire content is copied + unchanged into the PVC that + gets created from this template. + The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: 'accessModes + contains the desired access + modes the volume should + have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: 'dataSource + field can be used to specify + either: * An existing + VolumeSnapshot object + (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or + an external controller + can support the specified + data source, it will create + a new volume based on + the contents of the specified + data source. 
When the + AnyVolumeDataSource feature + gate is enabled, dataSource + contents will be copied + to dataSourceRef, and + dataSourceRef contents + will be copied to dataSource + when dataSourceRef.namespace + is not specified. If the + namespace is specified, + then dataSourceRef will + not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup + is the group for the + resource being referenced. + If APIGroup is not + specified, the specified + Kind must be in the + core API group. For + any other third-party + types, APIGroup is + required. + type: string + kind: + description: Kind is + the type of resource + being referenced + type: string + name: + description: Name is + the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef + specifies the object from + which to populate the + volume with data, if a + non-empty volume is desired. + This may be any object + from a non-empty API group + (non core object) or a + PersistentVolumeClaim + object. When this field + is specified, volume binding + will only succeed if the + type of the specified + object matches some installed + volume populator or dynamic + provisioner. This field + will replace the functionality + of the dataSource field + and as such if both fields + are non-empty, they must + have the same value. For + backwards compatibility, + when namespace isn''t + specified in dataSourceRef, + both fields (dataSource + and dataSourceRef) will + be set to the same value + automatically if one of + them is empty and the + other is non-empty. When + namespace is specified + in dataSourceRef, dataSource + isn''t set to the same + value and must be empty. 
+ There are three important + differences between dataSource + and dataSourceRef: * While + dataSource only allows + two specific types of + objects, dataSourceRef + allows any non-core object, + as well as PersistentVolumeClaim + objects. * While dataSource + ignores disallowed values + (dropping them), dataSourceRef + preserves all values, + and generates an error + if a disallowed value + is specified. * While + dataSource only allows + local objects, dataSourceRef + allows objects in any + namespaces. (Beta) Using + this field requires the + AnyVolumeDataSource feature + gate to be enabled. (Alpha) + Using the namespace field + of dataSourceRef requires + the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup + is the group for the + resource being referenced. + If APIGroup is not + specified, the specified + Kind must be in the + core API group. For + any other third-party + types, APIGroup is + required. + type: string + kind: + description: Kind is + the type of resource + being referenced + type: string + name: + description: Name is + the name of resource + being referenced + type: string + namespace: + description: Namespace + is the namespace of + resource being referenced + Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required + in the referent namespace + to allow that namespace's + owner to accept the + reference. See the + ReferenceGrant documentation + for details. (Alpha) + This field requires + the CrossNamespaceVolumeDataSource + feature gate to be + enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources + represents the minimum + resources the volume should + have. 
If RecoverVolumeExpansionFailure + feature is enabled users + are allowed to specify + resource requirements + that are lower than previous + value but must still be + higher than capacity recorded + in the status field of + the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits + describes the maximum + amount of compute + resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests + describes the minimum + amount of compute + resources required. + If Requests is omitted + for a container, it + defaults to Limits + if that is explicitly + specified, otherwise + to an implementation-defined + value. Requests cannot + exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is + a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements are + ANDed. + items: + description: A label + selector requirement + is a selector that + contains values, + a key, and an operator + that relates the + key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. 
+ type: string + operator: + description: operator + represents a + key's relationship + to a set of + values. Valid + operators are + In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array + of string values. + If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or + DoesNotExist, + the values array + must be empty. + This array is + replaced during + a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels + map is equivalent + to an element of matchExpressions, + whose key field is + "key", the operator + is "In", and the values + array contains only + "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName + is the name of the StorageClass + required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeAttributesClassName: + description: 'volumeAttributesClassName + may be used to set the + VolumeAttributesClass + used by this claim. If + specified, the CSI driver + will create or update + the volume with the attributes + defined in the corresponding + VolumeAttributesClass. + This has a different purpose + than storageClassName, + it can be changed after + the claim is created. + An empty string value + means that no VolumeAttributesClass + will be applied to the + claim but it''s not allowed + to reset this field to + empty string once it is + set. If unspecified and + the PersistentVolumeClaim + is unbound, the default + VolumeAttributesClass + will be set by the persistentvolume + controller if it exists. 
+ If the resource referred + to by volumeAttributesClass + does not exist, this PersistentVolumeClaim + will be set to a Pending + state, as reflected by + the modifyVolumeStatus + field, until such as a + resource exists. More + info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field + requires the VolumeAttributesClass + feature gate to be enabled.' + type: string + volumeMode: + description: volumeMode + defines what type of volume + is required by the claim. + Value of Filesystem is + implied when not included + in claim spec. + type: string + volumeName: + description: volumeName + is the binding reference + to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec type: object - name: - description: 'Name must be unique - within a namespace. Is required - when creating resources, although - some resources may allow a client - to request the generation of an - appropriate name automatically. - Name is primarily intended for - creation idempotence and configuration - definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: "Namespace defines - the space within each name must - be unique. An empty namespace - is equivalent to the \"default\" - namespace, but \"default\" is - the canonical representation. - Not all objects are required to - be scoped to a namespace - the - value of this field for those - objects will be empty. \n Must - be a DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" - type: string - ownerReferences: - description: List of objects depended - by this object. If ALL objects - in the list have been deleted, - this object will be garbage collected. - If this object is managed by a - controller, then an entry in this - list will point to this controller, - with the controller field set - to true. 
There cannot be more - than one managing controller. - items: - description: OwnerReference contains - enough information to let you - identify an owning object. An - owning object must be in the - same namespace as the dependent, - or be cluster-scoped, so there - is no namespace field. - properties: - apiVersion: - description: API version of - the referent. - type: string - blockOwnerDeletion: - description: If true, AND - if the owner has the "foregroundDeletion" - finalizer, then the owner - cannot be deleted from the - key-value store until this - reference is removed. See - https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector - interacts with this field - and enforces the foreground - deletion. Defaults to false. - To set this field, a user - needs "delete" permission - of the owner, otherwise - 422 (Unprocessable Entity) - will be returned. - type: boolean - controller: - description: If true, this - reference points to the - managing controller. - type: boolean - kind: - description: 'Kind of the - referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' - type: string - uid: - description: 'UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - x-kubernetes-map-type: atomic - type: array type: object - spec: - description: The specification for the - PersistentVolumeClaim. The entire - content is copied unchanged into the - PVC that gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. 
+ fc: + description: fc represents a Fibre Channel + resource that is attached to a kubelet's + host machine and then exposed to the + pod. properties: - accessModes: - description: 'accessModes contains - the desired access modes the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + fsType: + description: 'fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. TODO: how do we + prevent errors in the filesystem + from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC + target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: + Defaults to false (read/write). + ReadOnly here will force the ReadOnly + setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: + FC target worldwide names (WWNs)' items: type: string - type: array - dataSource: - description: 'dataSource field can - be used to specify either: * An - existing VolumeSnapshot object - (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external - controller can support the specified - data source, it will create a - new volume based on the contents - of the specified data source. - When the AnyVolumeDataSource feature - gate is enabled, dataSource contents - will be copied to dataSourceRef, - and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace - is specified, then dataSourceRef - will not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup is - not specified, the specified - Kind must be in the core API - group. For any other third-party - types, APIGroup is required. 
- type: string - kind: - description: Kind is the type - of resource being referenced - type: string - name: - description: Name is the name - of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies - the object from which to populate - the volume with data, if a non-empty - volume is desired. This may be - any object from a non-empty API - group (non core object) or a PersistentVolumeClaim - object. When this field is specified, - volume binding will only succeed - if the type of the specified object - matches some installed volume - populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as - such if both fields are non-empty, - they must have the same value. - For backwards compatibility, when - namespace isn''t specified in - dataSourceRef, both fields (dataSource - and dataSourceRef) will be set - to the same value automatically - if one of them is empty and the - other is non-empty. When namespace - is specified in dataSourceRef, - dataSource isn''t set to the same - value and must be empty. There - are three important differences - between dataSource and dataSourceRef: - * While dataSource only allows - two specific types of objects, - dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim - objects. * While dataSource ignores - disallowed values (dropping them), - dataSourceRef preserves all values, - and generates an error if a disallowed - value is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. - (Beta) Using this field requires - the AnyVolumeDataSource feature - gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef - requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' 
+ type: array + x-kubernetes-list-type: atomic + wwids: + description: 'wwids Optional: FC + volume world wide identifiers + (wwids) Either wwids or combination + of targetWWNs and lun must be + set, but not both simultaneously.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: flexVolume represents a + generic volume resource that is provisioned/attached + using an exec based plugin. + properties: + driver: + description: driver is the name + of the driver to use for this + volume. + type: string + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + The default filesystem depends + on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: + this field holds extra command + options if any.' + type: object + readOnly: + description: 'readOnly is Optional: + defaults to false (read/write). + ReadOnly here will force the ReadOnly + setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: + secretRef is reference to the + secret object containing sensitive + information to pass to the plugin + scripts. This may be empty if + no secret object is specified. + If the secret object contains + more than one secret, all secrets + are passed to the plugin scripts.' properties: - apiGroup: - description: APIGroup is the - group for the resource being - referenced. If APIGroup is - not specified, the specified - Kind must be in the core API - group. For any other third-party - types, APIGroup is required. 
- type: string - kind: - description: Kind is the type - of resource being referenced - type: string name: - description: Name is the name - of resource being referenced - type: string - namespace: - description: Namespace is the - namespace of resource being - referenced Note that when - a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant - object is required in the - referent namespace to allow - that namespace's owner to - accept the reference. See - the ReferenceGrant documentation - for details. (Alpha) This - field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string - required: - - kind - - name type: object - resources: - description: 'resources represents - the minimum resources the volume - should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed - to specify resource requirements - that are lower than previous value - but must still be higher than - capacity recorded in the status - field of the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker + volume attached to a kubelet's host + machine. 
This depends on the Flocker + control service being running + properties: + datasetName: + description: datasetName is Name + of the dataset stored as metadata + -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the + UUID of the dataset. This is unique + identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents + a GCE Disk resource that is attached + to a kubelet''s host machine and then + exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem + type of the volume that you want + to mount. Tip: Ensure that the + filesystem type is supported by + the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors + in the filesystem from compromising + the machine' + type: string + partition: + description: 'partition is the partition + in the volume that you want to + mount. If omitted, the default + is to mount by volume name. Examples: + For volume /dev/sda1, you specify + the partition as "1". Similarly, + the volume partition for /dev/sda + is "0" (or you can leave the property + empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name + of the PD resource in GCE. Used + to identify the disk in GCE. More + info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will + force the ReadOnly setting in + VolumeMounts. Defaults to false. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + glusterfs: + description: 'glusterfs represents a + Glusterfs mount on the host that shares + a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint + name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs + volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will + force the Glusterfs volume to + be mounted with read-only permissions. + Defaults to false. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a + pre-existing file or directory on + the host machine that is directly + exposed to the container. This is + generally used for system agents or + other privileged things that are allowed + to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict + who can use host directory mounts + and who can/can not mount host directories + as read/write.' + properties: + path: + description: 'path of the directory + on the host. If the path is a + symlink, it will follow the link + to the real path. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath + Volume Defaults to "" More info: + https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI + Disk resource that is attached to + a kubelet''s host machine and then + exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines + whether support iSCSI Discovery + CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines + whether support iSCSI Session + CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem + type of the volume that you want + to mount. Tip: Ensure that the + filesystem type is supported by + the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors + in the filesystem from compromising + the machine' + type: string + initiatorName: + description: initiatorName is the + custom iSCSI Initiator Name. If + initiatorName is specified with + iscsiInterface simultaneously, + new iSCSI interface : will be created for the + connection. + type: string + iqn: + description: iqn is the target iSCSI + Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the + interface Name that uses an iSCSI + transport. Defaults to 'default' + (tcp). + type: string + lun: + description: lun represents iSCSI + Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI + Target Portal List. The portal + is either an IP or ip_addr:port + if the port is other than default + (typically TCP ports 860 and 3260). 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: readOnly here will + force the ReadOnly setting in + VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP + Secret for iSCSI target and initiator + authentication properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string type: object - selector: - description: selector is a label - query over volumes to consider - for binding. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, a - key, and an operator that - relates the key and values. + x-kubernetes-map-type: atomic + targetPortal: + description: targetPortal is iSCSI + Target Portal. The Portal is either + an IP or ip_addr:port if the port + is other than default (typically + TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must + be a DNS_LABEL and unique within the + pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS + mount on the host that shares a pod''s + lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported + by the NFS server. More info: + https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will + force the NFS export to be mounted + with read-only permissions. Defaults + to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname + or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource + represents a reference to a PersistentVolumeClaim + in the same namespace. 
More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name + of a PersistentVolumeClaim in + the same namespace as the pod + using this volume. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force + the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents + a PhotonController persistent disk + attached and mounted on kubelets host + machine + properties: + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. + type: string + pdID: + description: pdID is the ID that + identifies Photon Controller persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents + a portworx volume attached and mounted + on kubelets host machine + properties: + fsType: + description: fSType represents the + filesystem type to mount Must + be a filesystem type supported + by the host operating system. + Ex. "ext4", "xfs". Implicitly + inferred to be "ext4" if unspecified. + type: string + readOnly: + description: readOnly defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies + a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all + in one resources secrets, configmaps, + and downward API + properties: + defaultMode: + description: defaultMode are the + mode bits used to set permissions + on created files by default. 
Must + be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. + Directories within the path are + not affected by this setting. + This might be in conflict with + other options that affect the + file mode, like fsGroup, and the + result can be other mode bits + set. + format: int32 + type: integer + sources: + description: sources is the list + of volume projections + items: + description: Projection that may + be projected along with other + supported volume types + properties: + clusterTrustBundle: + description: "ClusterTrustBundle + allows a pod to access the + `.spec.trustBundle` field + of ClusterTrustBundle objects + in an auto-updating file. + \n Alpha, gated by the ClusterTrustBundleProjection + feature gate. \n ClusterTrustBundle + objects can either be selected + by name, or by the combination + of signer name and a label + selector. \n Kubelet performs + aggressive normalization + of the PEM contents written + into the pod filesystem. + \ Esoteric PEM features + such as inter-block comments + and block headers are stripped. + \ Certificates are deduplicated. + The ordering of certificates + within the file is arbitrary, + and Kubelet may change the + order over time." properties: - key: - description: key is the - label key that the selector - applies to. + labelSelector: + description: Select all + ClusterTrustBundles + that match this label + selector. Only has + effect if signerName + is set. Mutually-exclusive + with name. If unset, + interpreted as "match + nothing". If set but + empty, interpreted as + "match everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label + selector requirements. + The requirements + are ANDed. + items: + description: A label + selector requirement + is a selector + that contains + values, a key, + and an operator + that relates the + key and values. 
+ properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: operator + represents + a key's relationship + to a set of + values. Valid + operators + are In, NotIn, + Exists and + DoesNotExist. + type: string + values: + description: values + is an array + of string + values. If + the operator + is In or NotIn, + the values + array must + be non-empty. + If the operator + is Exists + or DoesNotExist, + the values + array must + be empty. + This array + is replaced + during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single + {key,value} in the + matchLabels map + is equivalent to + an element of matchExpressions, + whose key field + is "key", the operator + is "In", and the + values array contains + only "value". The + requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a + single ClusterTrustBundle + by object name. Mutually-exclusive + with signerName and + labelSelector. type: string - operator: - description: operator - represents a key's relationship - to a set of values. - Valid operators are - In, NotIn, Exists and - DoesNotExist. + optional: + description: If true, + don't block pod startup + if the referenced ClusterTrustBundle(s) + aren't available. If + using name, then the + named ClusterTrustBundle + is allowed not to exist. If + using signerName, then + the combination of signerName + and labelSelector is + allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative + path from the volume + root to write the bundle. 
+ type: string + signerName: + description: Select all + ClusterTrustBundles + that match this signer + name. Mutually-exclusive + with name. The contents + of all selected ClusterTrustBundles + will be unified and + deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information + about the configMap data + to project + properties: + items: + description: items if + unspecified, each key-value + pair in the Data field + of the referenced ConfigMap + will be projected into + the volume as a file + whose name is the key + and content is the value. + If specified, the listed + keys will be projected + into the specified paths, + and unlisted keys will + not be present. If a + key is specified which + is not present in the + ConfigMap, the volume + setup will error unless + it is marked optional. + Paths must be relative + and may not contain + the '..' path or start + with '..'. + items: + description: Maps a + string key to a path + within a volume. + properties: + key: + description: key + is the key to + project. + type: string + mode: + description: 'mode + is Optional: mode + bits used to set + permissions on + this file. Must + be an octal value + between 0000 and + 0777 or a decimal + value between + 0 and 511. YAML + accepts both octal + and decimal values, + JSON requires + decimal values + for mode bits. + If not specified, + the volume defaultMode + will be used. + This might be + in conflict with + other options + that affect the + file mode, like + fsGroup, and the + result can be + other mode bits + set.' + format: int32 + type: integer + path: + description: path + is the relative + path of the file + to map the key + to. May not be + an absolute path. + May not contain + the path element + '..'. May not + start with the + string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: 'Name of + the referent. 
This field + is effectively required, + but due to backwards + compatibility is allowed + to be empty. Instances + of this type with an + empty value here are + almost certainly wrong. + TODO: Add other useful + fields. apiVersion, + kind, uid? More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string - values: - description: values is - an array of string values. - If the operator is In - or NotIn, the values - array must be non-empty. - If the operator is Exists - or DoesNotExist, the - values array must be - empty. This array is - replaced during a strategic - merge patch. + optional: + description: optional + specify whether the + ConfigMap or its keys + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information + about the downwardAPI data + to project + properties: + items: + description: Items is + a list of DownwardAPIVolume + file items: - type: string + description: DownwardAPIVolumeFile + represents information + to create the file + containing the pod + field + properties: + fieldRef: + description: 'Required: + Selects a field + of the pod: only + annotations, labels, + name, namespace + and uid are supported.' + properties: + apiVersion: + description: Version + of the schema + the FieldPath + is written + in terms of, + defaults to + "v1". + type: string + fieldPath: + description: Path + of the field + to select + in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: + mode bits used + to set permissions + on this file, + must be an octal + value between + 0000 and 0777 + or a decimal value + between 0 and + 511. 
YAML accepts + both octal and + decimal values, + JSON requires + decimal values + for mode bits. + If not specified, + the volume defaultMode + will be used. + This might be + in conflict with + other options + that affect the + file mode, like + fsGroup, and the + result can be + other mode bits + set.' + format: int32 + type: integer + path: + description: 'Required: + Path is the relative + path name of the + file to be created. + Must not be absolute + or contain the + ''..'' path. Must + be utf-8 encoded. + The first item + of the relative + path must not + start with ''..''' + type: string + resourceFieldRef: + description: 'Selects + a resource of + the container: + only resources + limits and requests + (limits.cpu, limits.memory, + requests.cpu and + requests.memory) + are currently + supported.' + properties: + containerName: + description: 'Container + name: required + for volumes, + optional for + env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the output + format of + the exposed + resources, + defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information + about the secret data to + project + properties: + items: + description: items if + unspecified, each key-value + pair in the Data field + of the referenced Secret + will be projected into + the volume as a file + whose name is the key + and content is the value. + If specified, the listed + keys will be projected + into the specified paths, + and unlisted keys will + not be present. 
If a + key is specified which + is not present in the + Secret, the volume setup + will error unless it + is marked optional. + Paths must be relative + and may not contain + the '..' path or start + with '..'. + items: + description: Maps a + string key to a path + within a volume. + properties: + key: + description: key + is the key to + project. + type: string + mode: + description: 'mode + is Optional: mode + bits used to set + permissions on + this file. Must + be an octal value + between 0000 and + 0777 or a decimal + value between + 0 and 511. YAML + accepts both octal + and decimal values, + JSON requires + decimal values + for mode bits. + If not specified, + the volume defaultMode + will be used. + This might be + in conflict with + other options + that affect the + file mode, like + fsGroup, and the + result can be + other mode bits + set.' + format: int32 + type: integer + path: + description: path + is the relative + path of the file + to map the key + to. May not be + an absolute path. + May not contain + the path element + '..'. May not + start with the + string '..'. + type: string + required: + - key + - path + type: object type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: 'Name of + the referent. This field + is effectively required, + but due to backwards + compatibility is allowed + to be empty. Instances + of this type with an + empty value here are + almost certainly wrong. + TODO: Add other useful + fields. apiVersion, + kind, uid? More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + optional: + description: optional + field specify whether + the Secret or its key + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken + is information about the + serviceAccountToken data + to project + properties: + audience: + description: audience + is the intended audience + of the token. A recipient + of a token must identify + itself with an identifier + specified in the audience + of the token, and otherwise + should reject the token. + The audience defaults + to the identifier of + the apiserver. + type: string + expirationSeconds: + description: expirationSeconds + is the requested duration + of validity of the service + account token. As the + token approaches expiration, + the kubelet volume plugin + will proactively rotate + the service account + token. The kubelet will + start trying to rotate + the token if the token + is older than 80 percent + of its time to live + or if the token is older + than 24 hours.Defaults + to 1 hour and must be + at least 10 minutes. + format: int64 + type: integer + path: + description: path is the + path relative to the + mount point of the file + to project the token + into. + type: string required: - - key - - operator + - path type: object - type: array - matchLabels: - additionalProperties: + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte + mount on the host that shares a pod's + lifetime + properties: + group: + description: group to map volume + access to Default is no group + type: string + readOnly: + description: readOnly here will + force the Quobyte volume to be + mounted with read-only permissions. + Defaults to false. 
+ type: boolean + registry: + description: registry represents + a single or multiple Quobyte Registry + services specified as a string + as host:port pair (multiple entries + are separated with commas) which + acts as the central registry for + volumes + type: string + tenant: + description: tenant owning the given + Quobyte volume in the Backend + Used with dynamically provisioned + Quobyte volumes, value is set + by the plugin + type: string + user: + description: user to map volume + access to Defaults to serivceaccount + user + type: string + volume: + description: volume is a string + that references an already created + Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados + Block Device mount on the host that + shares a pod''s lifetime. More info: + https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem + type of the volume that you want + to mount. Tip: Ensure that the + filesystem type is supported by + the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors + in the filesystem from compromising + the machine' + type: string + image: + description: 'image is the rados + image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path + to key ring for RBDUser. Default + is /etc/ceph/keyring. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection + of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + description: 'pool is the rados + pool name. Default is rbd. 
More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will + force the ReadOnly setting in + VolumeMounts. Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name + of the authentication secret for + RBDUser. If provided overrides + keyring. Default is nil. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is the rados + user name. Default is admin. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO + persistent volume attached and mounted + on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host + address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is + the name of the ScaleIO Protection + Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to + false (read/write). 
ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretRef: + description: secretRef references + to the secret for ScaleIO user + and other sensitive information. + If this is not provided, Login + operation will fail. + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, + default false + type: boolean + storageMode: + description: storageMode indicates + whether the storage for a volume + should be ThickProvisioned or + ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the + ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name + of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: volumeName is the name + of a volume already created in + the ScaleIO system that is associated + with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret + that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: + mode bits used to set permissions + on created files by default. 
Must + be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. + Defaults to 0644. Directories + within the path are not affected + by this setting. This might be + in conflict with other options + that affect the file mode, like + fsGroup, and the result can be + other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, + each key-value pair in the Data + field of the referenced Secret + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, + the listed keys will be projected + into the specified paths, and + unlisted keys will not be present. + If a key is specified which is + not present in the Secret, the + volume setup will error unless + it is marked optional. Paths must + be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: key is the key + to project. type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in the - matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object + mode: + description: 'mode is Optional: + mode bits used to set permissions + on this file. Must be an + octal value between 0000 + and 0777 or a decimal value + between 0 and 511. YAML + accepts both octal and decimal + values, JSON requires decimal + values for mode bits. If + not specified, the volume + defaultMode will be used. + This might be in conflict + with other options that + affect the file mode, like + fsGroup, and the result + can be other mode bits set.' 
+ format: int32 + type: integer + path: + description: path is the relative + path of the file to map + the key to. May not be an + absolute path. May not contain + the path element '..'. May + not start with the string + '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify + whether the Secret or its keys + must be defined + type: boolean + secretName: + description: 'secretName is the + name of the secret in the pod''s + namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a + StorageOS volume attached and mounted + on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to + false (read/write). ReadOnly here + will force the ReadOnly setting + in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies + the secret to use for obtaining + the StorageOS API credentials. If + not specified, default values + will be attempted. + properties: + name: + default: "" + description: 'Name of the referent. + This field is effectively + required, but due to backwards + compatibility is allowed to + be empty. Instances of this + type with an empty value here + are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string type: object x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is - the name of the StorageClass required - by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + volumeName: + description: volumeName is the human-readable + name of the StorageOS volume. Volume + names are only unique within a + namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies + the scope of the volume within + StorageOS. If no namespace is + specified then the Pod's namespace + will be used. This allows the + Kubernetes name scoping to be + mirrored within StorageOS for + tighter integration. Set VolumeName + to any name to override the default + behaviour. Set to "default" if + you are not using namespaces within + StorageOS. Namespaces that do + not pre-exist within StorageOS + will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents + a vSphere volume attached and mounted + on kubelets host machine + properties: + fsType: + description: fsType is filesystem + type to mount. Must be a filesystem + type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" + if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is + the storage Policy Based Management + (SPBM) profile ID associated with + the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is + the storage Policy Based Management + (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path + that identifies vSphere volume + vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + variables: + description: Variables specifies a list of variables + and their sources that will be used to resolve + the task. 
+ items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t need + it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the + pod: supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' 
+ properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". type: string - volumeAttributesClassName: - description: 'volumeAttributesClassName - may be used to set the VolumeAttributesClass - used by this claim. If specified, - the CSI driver will create or - update the volume with the attributes - defined in the corresponding VolumeAttributesClass. - This has a different purpose than - storageClassName, it can be changed - after the claim is created. An - empty string value means that - no VolumeAttributesClass will - be applied to the claim but it''s - not allowed to reset this field - to empty string once it is set. - If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume - controller if it exists. If the - resource referred to by volumeAttributesClass - does not exist, this PersistentVolumeClaim - will be set to a Pending state, - as reflected by the modifyVolumeStatus - field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires - the VolumeAttributesClass feature - gate to be enabled.' + fieldPath: + description: Path of the field to + select in the specified API version. type: string - volumeMode: - description: volumeMode defines - what type of volume is required - by the claim. Value of Filesystem - is implied when not included in - claim spec. + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' type: string - volumeName: - description: volumeName is the binding - reference to the PersistentVolume - backing this claim. + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' type: string + required: + - resource type: object - required: - - spec + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: 'Name of the referent. + This field is effectively required, + but due to backwards compatibility + is allowed to be empty. Instances + of this type with an empty value + here are almost certainly wrong. + TODO: Add other useful fields. + apiVersion, kind, uid? More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` + when controller-gen doesn''t need + it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic type: object + required: + - name type: object - fc: - description: fc represents a Fibre Channel resource - that is attached to a kubelet's host machine - and then exposed to the pod. - properties: - fsType: - description: 'fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". 
Implicitly inferred to - be "ext4" if unspecified. TODO: how do - we prevent errors in the filesystem from - compromising the machine' - type: string - lun: - description: 'lun is Optional: FC target - lun number' - format: int32 - type: integer - readOnly: - description: 'readOnly is Optional: Defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC - target worldwide names (WWNs)' - items: + type: array + type: object + type: array + type: object + manifestOptions: + description: ManifestOptions provide options to select particular + manifest object to restore + properties: + mariaDB: + description: MariaDB specifies the options for selecting + particular MariaDB components to restore in manifest + restore + properties: + authSecret: + description: AuthSecret specifies whether to restore + the AuthSecret manifest or not + type: boolean + authSecretName: + description: AuthSecretName specifies new name of + the AuthSecret yaml after restore + type: string + configSecret: + description: ConfigSecret specifies whether to restore + the ConfigSecret manifest or not + type: boolean + configSecretName: + description: ConfigSecretName specifies new name + of the ConfigSecret yaml after restore + type: string + db: + description: DB specifies whether to restore the + DB manifest or not + type: boolean + dbName: + description: DBName specifies the new name of the + DB yaml after restore + type: string + issuerRefName: + description: IssuerRefName specifies new name of + the IssuerRef after restore + type: string + type: object + mongoDB: + description: MongoDB specifies the options for selecting + particular MongoDB components to restore in manifest + restore + properties: + authSecret: + description: AuthSecret specifies whether to restore + the AuthSecret manifest or not + type: boolean + authSecretName: + description: AuthSecretName specifies new name of + 
the AuthSecret yaml after restore + type: string + configSecret: + description: ConfigSecret specifies whether to restore + the ConfigSecret manifest or not + type: boolean + configSecretName: + description: ConfigSecretName specifies new name + of the ConfigSecret yaml after restore + type: string + db: + description: DB specifies whether to restore the + DB manifest or not + type: boolean + dbName: + description: DBName specifies the new name of the + DB yaml after restore + type: string + issuerRefName: + description: IssuerRefName specifies new name of + the IssuerRef after restore + type: string + type: object + mySQL: + description: MySQL specifies the options for selecting + particular MySQL components to restore in manifest + restore + properties: + authSecret: + description: AuthSecret specifies whether to restore + the AuthSecret manifest or not + type: boolean + authSecretName: + description: AuthSecretName specifies new name of + the AuthSecret yaml after restore + type: string + configSecret: + description: ConfigSecret specifies whether to restore + the ConfigSecret manifest or not + type: boolean + configSecretName: + description: ConfigSecretName specifies new name + of the ConfigSecret yaml after restore + type: string + db: + description: DB specifies whether to restore the + DB manifest or not + type: boolean + dbName: + description: DBName specifies the new name of the + DB yaml after restore + type: string + issuerRefName: + description: IssuerRefName specifies new name of + the IssuerRef after restore + type: string + type: object + postgres: + description: Postgres specifies the options for selecting + particular Postgres components to restore in manifest + restore + properties: + authSecret: + description: AuthSecret specifies whether to restore + the AuthSecret manifest or not + type: boolean + authSecretName: + description: AuthSecretName specifies new name of + the AuthSecret yaml after restore + type: string + configSecret: + 
description: ConfigSecret specifies whether to restore + the ConfigSecret manifest or not + type: boolean + configSecretName: + description: ConfigSecretName specifies new name + of the ConfigSecret yaml after restore + type: string + db: + description: DB specifies whether to restore the + DB manifest or not + type: boolean + dbName: + description: DBName specifies the new name of the + DB yaml after restore + type: string + issuerRefName: + description: IssuerRefName specifies new name of + the IssuerRef after restore + type: string + type: object + restoreNamespace: + description: RestoreNamespace specifies the Namespace + where the restored files will be applied + type: string + type: object + target: + description: Target indicates the target application where + the data will be restored + properties: + apiGroup: + type: string + kind: + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + required: + - name + type: object + type: object + retryConfig: + description: RetryConfig specifies the behavior of the retry + mechanism in case of a verification failure. + properties: + delay: + description: 'The amount of time to wait before next retry. + If you don''t specify this field, KubeStash will retry + immediately. Format: 30s, 2m, 1h etc.' + type: string + maxRetry: + default: 1 + description: MaxRetry specifies the maximum number of times + KubeStash should retry the backup/restore process. By + default, KubeStash will retry only 1 time. + format: int32 + minimum: 1 + type: integer + type: object + runtimeSettings: + description: RuntimeSettings allow to specify Resources, NodeSelector, + Affinity, Toleration, ReadinessProbe etc. for the verification + job. 
+ properties: + container: + properties: + env: + description: List of environment variables to set in + the container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: 'Name of the referent. This + field is effectively required, but due + to backwards compatibility is allowed + to be empty. Instances of this type + with an empty value here are almost + certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when + controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". type: string - type: array - wwids: - description: 'wwids Optional: FC volume - world wide identifiers (wwids) Either - wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. 
+ type: string + name: + default: "" + description: 'Name of the referent. This + field is effectively required, but due + to backwards compatibility is allowed + to be empty. Instances of this type + with an empty value here are almost + certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when + controller-gen doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is + starting. When a key exists in multiple sources, the + value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: 'Name of the referent. This field + is effectively required, but due to backwards + compatibility is allowed to be empty. Instances + of this type with an empty value here are + almost certainly wrong. TODO: Add other + useful fields. apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: 'Name of the referent. This field + is effectively required, but due to backwards + compatibility is allowed to be empty. Instances + of this type with an empty value here are + almost certainly wrong. TODO: Add other + useful fields. apiVersion, kind, uid? More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + ionice: + description: 'Settings to configure `ionice` to throttle + the load on disk. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html + More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' + properties: + class: + format: int32 + type: integer + classData: + format: int32 + type: integer + type: object + lifecycle: + description: Actions that the management system should + take in response to container lifecycle events. Cannot + be updated. + properties: + postStart: + description: 'PostStart is called immediately after + a container is created. If the handler fails, + the container is terminated and restarted according + to its restart policy. Other management of the + container blocks until the hook completes. 
More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. items: type: string type: array + x-kubernetes-list-type: atomic type: object - flexVolume: - description: flexVolume represents a generic - volume resource that is provisioned/attached - using an exec based plugin. + httpGet: + description: HTTPGet specifies the http request + to perform. properties: - driver: - description: driver is the name of the driver - to use for this volume. - type: string - fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem - depends on FlexVolume script. + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string - options: - additionalProperties: - type: string - description: 'options is Optional: this - field holds extra command options if any.' - type: object - readOnly: - description: 'readOnly is Optional: defaults - to false (read/write). ReadOnly here will - force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'secretRef is Optional: secretRef - is reference to the secret object containing - sensitive information to pass to the plugin - scripts. This may be empty if no secret - object is specified. 
If the secret object - contains more than one secret, all secrets - are passed to the plugin scripts.' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume - attached to a kubelet's host machine. This - depends on the Flocker control service being - running - properties: - datasetName: - description: datasetName is Name of the - dataset stored as metadata -> name on - the dataset for Flocker should be considered - as deprecated + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. type: string - datasetUUID: - description: datasetUUID is the UUID of - the dataset. This is unique identifier - of a Flocker dataset + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. 
type: string + required: + - port type: object - gcePersistentDisk: - description: 'gcePersistentDisk represents a - GCE Disk resource that is attached to a kubelet''s - host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. properties: - fsType: - description: 'fsType is filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - partition: - description: 'partition is the partition - in the volume that you want to mount. - If omitted, the default is to mount by - volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, - the volume partition for /dev/sda is "0" - (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 type: integer - pdName: - description: 'pdName is unique name of the - PD resource in GCE. Used to identify the - disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean required: - - pdName + - seconds type: object - glusterfs: - description: 'glusterfs represents a Glusterfs - mount on the host that shares a pod''s lifetime. 
- More info: https://examples.k8s.io/volumes/glusterfs/README.md' + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. properties: - endpoints: - description: 'endpoints is the endpoint - name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'path is the Glusterfs volume - path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string - readOnly: - description: 'readOnly here will force the - Glusterfs volume to be mounted with read-only - permissions. Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true required: - - endpoints - - path + - port type: object - hostPath: - description: 'hostPath represents a pre-existing - file or directory on the host machine that - is directly exposed to the container. This - is generally used for system agents or other - privileged things that are allowed to see - the host machine. Most containers will NOT - need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who - can use host directory mounts and who can/can - not mount host directories as read/write.' 
+ type: object + preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness/startup probe + failure, preemption, resource contention, etc. + The handler is not called if the container crashes + or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period (unless delayed + by finalizers). Other management of the container + blocks until the hook completes or until the termination + grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. properties: - path: - description: 'path of the directory on the - host. If the path is a symlink, it will - follow the link to the real path. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'type for HostPath Volume Defaults - to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic type: object - iscsi: - description: 'iscsi represents an ISCSI Disk - resource that is attached to a kubelet''s - host machine and then exposed to the pod. 
- More info: https://examples.k8s.io/volumes/iscsi/README.md' + httpGet: + description: HTTPGet specifies the http request + to perform. properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether - support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether - support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - initiatorName: - description: initiatorName is the custom - iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, - new iSCSI interface : will be created for the connection. + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string - iqn: - description: iqn is the target iSCSI Qualified - Name. + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. + This will be canonicalized upon + output, so case-variant names will + be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. type: string - iscsiInterface: - description: iscsiInterface is the interface - Name that uses an iSCSI transport. Defaults - to 'default' (tcp). 
+ port: + anyOf: + - type: integer + - type: string + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. type: string - lun: - description: lun represents iSCSI Target - Lun number. - format: int32 + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 type: integer - portals: - description: portals is the iSCSI Target - Portal List. The portal is either an IP - or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). + required: + - seconds + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of + this field and lifecycle hooks will fail in + runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. 
+ type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. 
+ The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + nice: + description: 'Settings to configure `nice` to throttle + the load on cpu. More info: http://kennystechtalk.blogspot.com/2015/04/throttling-cpu-usage-with-linux-cgroups.html + More info: https://oakbytes.wordpress.com/2012/06/06/linux-scheduler-cfs-and-nice/' + properties: + adjustment: + format: int32 + type: integer + type: object + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if + the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. 
The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name. This + will be canonicalized upon output, so + case-variant names will be understood + as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. 
Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field and + requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the + Pod where this field is used. It makes that + resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. + More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges than + its parent process. This bool directly controls + if the no_new_privs flag will be set on the container + process. AllowPrivilegeEscalation is true always + when the container is: 1) run as Privileged 2) + has CAP_SYS_ADMIN Note that this field cannot + be set when spec.os.name is windows.' + type: boolean + appArmorProfile: + description: appArmorProfile is the AppArmor options + to use by this container. If set, this profile + overrides the pod's appArmorProfile. Note that + this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + loaded on the node that should be used. The + profile must be preconfigured on the node + to work. Must match the loaded name of the + profile. Must be set if and only if type is + "Localhost". 
+ type: string + type: + description: 'type indicates which kind of AppArmor + profile will be applied. Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime''s + default profile. Unconfined - no AppArmor + enforcement.' + type: string + required: + - type + type: object + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is + windows. + type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default is + DefaultProcMount which uses the container runtime + defaults for readonly paths and masked paths. + This requires the ProcMountType feature flag to + be enabled. Note that this field cannot be set + when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. 
If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. Note that this + field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + the container. If unspecified, the container runtime + will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. 
+ type: string + type: object + seccompProfile: + description: The seccomp options to use by this + container. If seccomp options are provided at + both the pod & container level, the container + options override the pod options. Note that this + field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must be set if type is "Localhost". + Must NOT be set for any other type. + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: + \n Localhost - a profile defined in a file + on the node should be used. RuntimeDefault + - the container runtime default profile should + be used. Unconfined - no profile should be + applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options + from the PodSecurityContext will be used. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. 
+ All of a Pod's containers must have the same + effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and + non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run + the entrypoint of the container process. Defaults + to the user specified in image metadata if + unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: string + type: object + type: object + type: object + pod: + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most + preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit weight + 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. 
+ items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. due to an update), the + system may or may not try to eventually evict + the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. items: - type: string + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. 
+ If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic type: array - readOnly: - description: readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret - for iSCSI target and initiator authentication - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' 
- type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: targetPortal is iSCSI Target - Portal. The Portal is either an IP or - ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: 'name of the volume. Must be a - DNS_LABEL and unique within the pod. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'nfs represents an NFS mount on - the host that shares a pod''s lifetime More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'path that is exported by the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'readOnly here will force the - NFS export to be mounted with read-only - permissions. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'server is the hostname or - IP address of the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'claimName is the name of a - PersistentVolumeClaim in the same namespace - as the pod using this volume. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: readOnly Will force the ReadOnly - setting in VolumeMounts. Default false. 
- type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents - a PhotonController persistent disk attached - and mounted on kubelets host machine - properties: - fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. - type: string - pdID: - description: pdID is the ID that identifies - Photon Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx - volume attached and mounted on kubelets host - machine - properties: - fsType: - description: fSType represents the filesystem - type to mount Must be a filesystem type - supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies - a Portworx volume - type: string + x-kubernetes-list-type: atomic required: - - volumeID + - nodeSelectorTerms type: object - projected: - description: projected items for all in one - resources secrets, configmaps, and downward - API - properties: - defaultMode: - description: defaultMode are the mode bits - used to set permissions on created files - by default. Must be an octal value between - 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. Directories within - the path are not affected by this setting. - This might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits - set. 
- format: int32 - type: integer - sources: - description: sources is the list of volume - projections - items: - description: Projection that may be projected - along with other supported volume types + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. properties: - clusterTrustBundle: - description: "ClusterTrustBundle allows - a pod to access the `.spec.trustBundle` - field of ClusterTrustBundle objects - in an auto-updating file. \n Alpha, - gated by the ClusterTrustBundleProjection - feature gate. \n ClusterTrustBundle - objects can either be selected by - name, or by the combination of signer - name and a label selector. \n Kubelet - performs aggressive normalization - of the PEM contents written into - the pod filesystem. Esoteric PEM - features such as inter-block comments - and block headers are stripped. 
- \ Certificates are deduplicated. - The ordering of certificates within - the file is arbitrary, and Kubelet - may change the order over time." - properties: - labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only - has effect if signerName is - set. Mutually-exclusive with - name. If unset, interpreted - as "match nothing". If set - but empty, interpreted as "match - everything". - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key and - values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to a - set of values. Valid - operators are In, - NotIn, Exists and - DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, the - values array must - be non-empty. If the - operator is Exists - or DoesNotExist, the - values array must - be empty. This array - is replaced during - a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is - a map of {key,value} pairs. - A single {key,value} in - the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", - the operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - name: - description: Select a single ClusterTrustBundle - by object name. Mutually-exclusive - with signerName and labelSelector. 
- type: string - optional: - description: If true, don't block - pod startup if the referenced - ClusterTrustBundle(s) aren't - available. If using name, then - the named ClusterTrustBundle - is allowed not to exist. If - using signerName, then the combination - of signerName and labelSelector - is allowed to match zero ClusterTrustBundles. - type: boolean - path: - description: Relative path from - the volume root to write the - bundle. - type: string - signerName: - description: Select all ClusterTrustBundles - that match this signer name. - Mutually-exclusive with name. The - contents of all selected ClusterTrustBundles - will be unified and deduplicated. - type: string - required: - - path - type: object - configMap: - description: configMap information - about the configMap data to project - properties: - items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced ConfigMap - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the ConfigMap, the volume - setup will error unless it is - marked optional. Paths must - be relative and may not contain - the '..' path or start with - '..'. - items: - description: Maps a string key - to a path within a volume. - properties: - key: - description: key is the - key to project. - type: string - mode: - description: 'mode is Optional: - mode bits used to set - permissions on this file. - Must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' 
- format: int32 - type: integer - path: - description: path is the - relative path of the file - to map the key to. May - not be an absolute path. - May not contain the path - element '..'. May not - start with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: optional specify - whether the ConfigMap or its - keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information - about the downwardAPI data to project + labelSelector: + description: A label query over a + set of resources, in this case pods. + If it's null, this PodAffinityTerm + matches with no Pods. properties: - items: - description: Items is a list of - DownwardAPIVolume file + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. items: - description: DownwardAPIVolumeFile - represents information to - create the file containing - the pod field + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. properties: - fieldRef: - description: 'Required: - Selects a field of the - pod: only annotations, - labels, name and namespace - are supported.' - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. 
- type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: - mode bits used to set - permissions on this file, - must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: - Path is the relative - path name of the file - to be created. Must not - be absolute or contain - the ''..'' path. Must - be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' + key: + description: key is the + label key that the selector + applies to. type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. 
+ If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic required: - - path + - key + - operator type: object type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object type: object - secret: - description: secret information about - the secret data to project + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `labelSelector` as `key in (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both matchLabelKeys + and labelSelector. Also, matchLabelKeys + cannot be set when labelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into consideration. 
+ The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `labelSelector` as `key notin (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both mismatchLabelKeys + and labelSelector. Also, mismatchLabelKeys + cannot be set when labelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. properties: - items: - description: items if unspecified, - each key-value pair in the Data - field of the referenced Secret - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the Secret, the volume setup - will error unless it is marked - optional. Paths must be relative - and may not contain the '..' - path or start with '..'. + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. items: - description: Maps a string key - to a path within a volume. + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. 
properties: key: description: key is the - key to project. - type: string - mode: - description: 'mode is Optional: - mode bits used to set - permissions on this file. - Must be an octal value - between 0000 and 0777 - or a decimal value between - 0 and 511. YAML accepts - both octal and decimal - values, JSON requires - decimal values for mode - bits. If not specified, - the volume defaultMode - will be used. This might - be in conflict with other - options that affect the - file mode, like fsGroup, - and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: path is the - relative path of the file - to map the key to. May - not be an absolute path. - May not contain the path - element '..'. May not - start with the string - '..'. + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic required: - key - - path + - operator type: object type: array - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: optional field specify - whether the Secret or its key - must be defined - type: boolean + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. 
A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object type: object x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is - information about the serviceAccountToken - data to project - properties: - audience: - description: audience is the intended - audience of the token. A recipient - of a token must identify itself - with an identifier specified - in the audience of the token, - and otherwise should reject - the token. The audience defaults - to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds - is the requested duration of - validity of the service account - token. As the token approaches - expiration, the kubelet volume - plugin will proactively rotate - the service account token. The - kubelet will start trying to - rotate the token if the token - is older than 80 percent of - its time to live or if the token - is older than 24 hours.Defaults - to 1 hour and must be at least - 10 minutes. - format: int64 - type: integer - path: - description: path is the path - relative to the mount point - of the file to project the token - into. - type: string - required: - - path - type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey type: object - type: array - type: object - quobyte: - description: quobyte represents a Quobyte mount - on the host that shares a pod's lifetime - properties: - group: - description: group to map volume access - to Default is no group - type: string - readOnly: - description: readOnly here will force the - Quobyte volume to be mounted with read-only - permissions. Defaults to false. - type: boolean - registry: - description: registry represents a single - or multiple Quobyte Registry services - specified as a string as host:port pair - (multiple entries are separated with commas) - which acts as the central registry for - volumes - type: string - tenant: - description: tenant owning the given Quobyte - volume in the Backend Used with dynamically - provisioned Quobyte volumes, value is - set by the plugin - type: string - user: - description: user to map volume access to - Defaults to serivceaccount user - type: string - volume: - description: volume is a string that references - an already created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'rbd represents a Rados Block Device - mount on the host that shares a pod''s lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type - of the volume that you want to mount. - Tip: Ensure that the filesystem type is - supported by the host operating system. 
- Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - image: - description: 'image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'keyring is the path to key - ring for RBDUser. Default is /etc/ceph/keyring. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'monitors is a collection of - Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: - description: 'pool is the rados pool name. - Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'readOnly here will force the - ReadOnly setting in VolumeMounts. Defaults - to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides - keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. due to a pod label update), + the system may or may not try to eventually + evict the pod from its node. When there are + multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. If + it's null, this PodAffinityTerm matches + with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. 
If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of + pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from + the incoming pod labels, those key-value + labels are merged with `labelSelector` + as `key in (value)` to select the group + of existing pods which pods will be + taken into consideration for the incoming + pod's pod (anti) affinity. Keys that + don't exist in the incoming pod labels + will be ignored. The default value is + empty. The same key is forbidden to + exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when + labelSelector isn't set. This is an + alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is the rados user name. - Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent - volume attached and mounted on Kubernetes - nodes. - properties: - fsType: - description: fsType is the filesystem type - to mount. 
Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: gateway is the host address - of the ScaleIO API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name - of the ScaleIO Protection Domain for the - configured storage. - type: string - readOnly: - description: readOnly Defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: secretRef references to the - secret for ScaleIO user and other sensitive - information. If this is not provided, - Login operation will fail. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set + of pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from + the incoming pod labels, those key-value + labels are merged with `labelSelector` + as `key notin (value)` to select the + group of existing pods which pods will + be taken into consideration for the + incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both mismatchLabelKeys and + labelSelector. Also, mismatchLabelKeys + cannot be set when labelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. 
+ items: type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable - SSL communication with Gateway, default - false - type: boolean - storageMode: - description: storageMode indicates whether - the storage for a volume should be ThickProvisioned - or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO - Storage Pool associated with the protection - domain. - type: string - system: - description: system is the name of the storage - system as configured in ScaleIO. - type: string - volumeName: - description: volumeName is the name of a - volume already created in the ScaleIO - system that is associated with this volume - source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: 'secret represents a secret that - should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'defaultMode is Optional: mode - bits used to set permissions on created - files by default. Must be an octal value - between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. - Directories within the path are not affected - by this setting. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' - format: int32 - type: integer - items: - description: items If unspecified, each - key-value pair in the Data field of the - referenced Secret will be projected into - the volume as a file whose name is the - key and content is the value. If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. 
If a key is specified - which is not present in the Secret, the - volume setup will error unless it is marked - optional. Paths must be relative and may - not contain the '..' path or start with - '..'. - items: - description: Maps a string key to a path - within a volume. + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". 
The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it + may choose a node that violates one or more + of the expressions. The node that is most + preferred is the one with the greatest sum + of weights, i.e. for each node that meets + all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most + preferred. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode - bits used to set permissions on - this file. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' - format: int32 - type: integer - path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. + labelSelector: + description: A label query over a + set of resources, in this case pods. + If it's null, this PodAffinityTerm + matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. 
This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set + of pod label keys to select which + pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `labelSelector` as `key in (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. The same key is forbidden + to exist in both matchLabelKeys + and labelSelector. Also, matchLabelKeys + cannot be set when labelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is + a set of pod label keys to select + which pods will be taken into consideration. + The keys are used to lookup values + from the incoming pod labels, those + key-value labels are merged with + `labelSelector` as `key notin (value)` + to select the group of existing + pods which pods will be taken into + consideration for the incoming pod's + pod (anti) affinity. Keys that don't + exist in the incoming pod labels + will be ignored. The default value + is empty. 
The same key is forbidden + to exist in both mismatchLabelKeys + and labelSelector. Also, mismatchLabelKeys + cannot be set when labelSelector + isn't set. This is an alpha field + and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. 
A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. type: string required: - - key - - path + - topologyKey type: object - type: array - optional: - description: optional field specify whether - the Secret or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of - the secret in the pod''s namespace to - use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: storageOS represents a StorageOS - volume attached and mounted on Kubernetes - nodes. - properties: - fsType: - description: fsType is the filesystem type - to mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. - type: string - readOnly: - description: readOnly defaults to false - (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. 
- type: boolean - secretRef: - description: secretRef specifies the secret - to use for obtaining the StorageOS API - credentials. If not specified, default - values will be attempted. - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the + node. If the anti-affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod label + update), the system may or may not try to + eventually evict the pod from its node. When + there are multiple elements, the lists of + nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. If + it's null, this PodAffinityTerm matches + with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of + pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from + the incoming pod labels, those key-value + labels are merged with `labelSelector` + as `key in (value)` to select the group + of existing pods which pods will be + taken into consideration for the incoming + pod's pod (anti) affinity. Keys that + don't exist in the incoming pod labels + will be ignored. The default value is + empty. The same key is forbidden to + exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when + labelSelector isn't set. 
This is an + alpha field and requires enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set + of pod label keys to select which pods + will be taken into consideration. The + keys are used to lookup values from + the incoming pod labels, those key-value + labels are merged with `labelSelector` + as `key notin (value)` to select the + group of existing pods which pods will + be taken into consideration for the + incoming pod's pod (anti) affinity. + Keys that don't exist in the incoming + pod labels will be ignored. The default + value is empty. The same key is forbidden + to exist in both mismatchLabelKeys and + labelSelector. Also, mismatchLabelKeys + cannot be set when labelSelector isn't + set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity + feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. 
If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: volumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a namespace. - type: string - volumeNamespace: - description: volumeNamespace specifies the - scope of the volume within StorageOS. If - no namespace is specified then the Pod's - namespace will be used. This allows the - Kubernetes name scoping to be mirrored - within StorageOS for tighter integration. - Set VolumeName to any name to override - the default behaviour. Set to "default" - if you are not using namespaces within - StorageOS. Namespaces that do not pre-exist - within StorageOS will be created. 
- type: string - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere - volume attached and mounted on kubelets host - machine - properties: - fsType: - description: fsType is filesystem type to - mount. Must be a filesystem type supported - by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage - Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is the storage - Policy Based Management (SPBM) profile - name. - type: string - volumePath: - description: volumePath is the path that - identifies vSphere volume vmdk - type: string - required: - - volumePath - type: object + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. + type: boolean + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information + about services should be injected into pod''s environment + variables, matching the syntax of Docker links. Optional: + Defaults to true.' 
+ type: boolean + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of + references to secrets in the same namespace to use + for pulling any of the images used by this PodRuntimeSettings. + If specified, these secrets will be passed to individual + puller implementations for them to use. For example, + in the case of docker, only DockerConfig type secrets + are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough + information to let you locate the referenced object + inside the same namespace. + properties: + name: + default: "" + description: 'Name of the referent. This field + is effectively required, but due to backwards + compatibility is allowed to be empty. Instances + of this type with an empty value here are almost + certainly wrong. TODO: Add other useful fields. + apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeName: + description: NodeName is a request to schedule this + pod onto a specific node. If it is non-empty, the + scheduler simply schedules this pod onto that node, + assuming that it fits resource requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must + be true for the pod to fit on a node. Selector which + must match a node''s labels for the pod to be scheduled + on that node. 
More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + podAnnotations: + additionalProperties: + type: string + description: PodAnnotations are the annotations that + will be attached with the respective Pod + type: object + podLabels: + additionalProperties: + type: string + description: PodLabels are the labels that will be attached + with the respective Pod + type: object + priority: + description: The priority value. Various system components + use this field to find the priority of the pod. When + Priority Admission Controller is enabled, it prevents + users from setting this field. The admission controller + populates this field from PriorityClassName. The higher + the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: If specified, indicates the pod's priority. + "system-node-critical" and "system-cluster-critical" + are two special keywords which indicate the highest + priorities with the former being the highest priority. + Any other name must be defined by creating a PriorityClass + object with that name. If not specified, the pod priority + will be default or zero if there is no default. + type: string + readinessGates: + description: 'If specified, all readiness gates will + be evaluated for pod readiness. A pod is ready when + all its containers are ready AND all conditions specified + in the readiness gates have status equal to "True" + More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' + items: + description: PodReadinessGate contains the reference + to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition + in the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass + object in the node.k8s.io group, which should be used + to run this pod. 
If no RuntimeClass resource matches + the named class, the pod will not be run. If unset + or empty, the "legacy" RuntimeClass will be used, + which is an implicit class with an empty definition + that uses the default runtime handler. More info: + https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md + This is an alpha feature and may change in the future.' + type: string + schedulerName: + description: If specified, the pod will be dispatched + by specified scheduler. If not specified, the pod + will be dispatched by default scheduler. + type: string + securityContext: + description: 'Security options the pod should run with. + More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + appArmorProfile: + description: appArmorProfile is the AppArmor options + to use by the containers in this pod. Note that + this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + loaded on the node that should be used. The + profile must be preconfigured on the node + to work. Must match the loaded name of the + profile. Must be set if and only if type is + "Localhost". + type: string + type: + description: 'type indicates which kind of AppArmor + profile will be applied. Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime''s + default profile. Unconfined - no AppArmor + enforcement.' + type: string + required: + - type + type: object + fsGroup: + description: "A special supplemental group that + applies to all containers in a pod. Some volume + types allow the Kubelet to change the ownership + of that volume to be owned by the pod: \n 1. The + owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be + owned by FSGroup) 3. 
The permission bits are OR'd + with rw-rw---- \n If unset, the Kubelet will not + modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name + is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior + of changing ownership and permission of the volume + before being exposed inside Pod. This field will + only apply to volume types which support fsGroup + based ownership(and permissions). It will have + no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name + is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence + for that container. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence for that container. 
+ Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + all containers. If unspecified, the container + runtime will allocate a random SELinux context + for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot + be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set + when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must be set if type is "Localhost". + Must NOT be set for any other type. + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: + \n Localhost - a profile defined in a file + on the node should be used. RuntimeDefault + - the container runtime default profile should + be used. Unconfined - no profile should be + applied." 
+ type: string required: - - name + - type type: object - type: array - type: object - variables: - description: Variables specifies a list of variables and - their sources that will be used to resolve the task. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are - expanded using the previously defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" - will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults - to "".' - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. + supplementalGroups: + description: A list of groups applied to the first + process run in each container, in addition to + the container's primary GID, the fsGroup (if specified), + and group memberships defined in the container + image for the uid of the container process. If + unspecified, no additional groups are added to + any container. Note that group memberships defined + in the container image for the uid of the container + process are still effective, even if they are + not included in this list. Note that this field + cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + sysctls: + description: Sysctls hold a list of namespaced sysctls + used for the pod. Pods with unsupported sysctls + (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name + is windows. 
+ items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options + within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. 
- type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + All of a Pod's containers must have the same + effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and + non-HostProcess containers). 
In addition, + if HostProcess is true then HostNetwork must + also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run + the entrypoint of the container process. Defaults + to the user specified in image metadata if + unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: string + type: object + type: object + serviceAccountAnnotations: + additionalProperties: + type: string + description: ServiceAccountAnnotations are the annotations + that will be attached with the respective ServiceAccount + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the + ServiceAccount to use to run this pod. More info: + https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to + tolerates any taint that matches the triple + using the matching operator . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. 
+ type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must be + of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever + (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how + a group of pods ought to spread across topology domains. + Scheduler will schedule pods in a way which abides + by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are + counted to determine the number of pods in their + corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. 
This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - type: object - type: array - verifier: - description: Verifier refers to the BackupVerification CR that - defines how to verify this particular data. + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label + keys to select the pods over which spreading + will be calculated. The keys are used to lookup + values from the incoming pod labels, those key-value + labels are ANDed with labelSelector to select + the group of existing pods over which spreading + will be calculated for the incoming pod. The + same key is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot be + set when LabelSelector isn't set. Keys that + don't exist in the incoming pod labels will + be ignored. A null or empty list means only + match against labelSelector. \n This is a beta + field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to + which pods may be unevenly distributed. 
When + `whenUnsatisfiable=DoNotSchedule`, it is the + maximum permitted difference between the number + of matching pods in the target topology and + the global minimum. The global minimum is the + minimum number of matching pods in an eligible + domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 2/2/1: In this + case, the global minimum is 1. | zone1 | zone2 + | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). - if MaxSkew is 2, incoming + pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default + value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number + of eligible domains. When the number of eligible + domains with matching topology keys is less + than minDomains, Pod Topology Spread treats + \"global minimum\" as 0, and then the calculation + of Skew is performed. And when the number of + eligible domains with matching topology keys + equals or greater than minDomains, this value + has no effect on scheduling. As a result, when + the number of eligible domains is less than + minDomains, scheduler won't schedule more than + maxSkew Pods to those domains. If value is nil, + the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than + 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. 
\n For example, in a + 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector + spread as 2/2/2: | zone1 | zone2 | zone3 | | + \ P P | P P | P P | The number of domains + is less than 5(MinDomains), so \"global minimum\" + is treated as 0. In this situation, new pod + with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new + Pod is scheduled to any of the three zones, + it will violate MaxSkew." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how + we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options + are: - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: + nodeAffinity/nodeSelector are ignored. All nodes + are included in the calculations. \n If this + value is nil, the behavior is equivalent to + the Honor policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we + will treat node taints when calculating pod + topology spread skew. Options are: - Honor: + nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, + are included. - Ignore: node taints are ignored. + All nodes are included. \n If this value is + nil, the behavior is equivalent to the Ignore + policy. This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. + We consider each as a "bucket", + and try to put balanced number of pods into + each bucket. We define a domain as a particular + instance of a topology. 
Also, we define an eligible + domain as a domain whose nodes meet the requirements + of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, + if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. It's + a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how + to deal with a pod if it doesn''t satisfy the + spread constraint. - DoNotSchedule (default) + tells the scheduler not to schedule it. - ScheduleAnyway + tells the scheduler to schedule the pod in any + location, but giving higher precedence to topologies + that would help reduce the skew. A constraint + is considered "Unsatisfiable" for an incoming + pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on some + topology. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: | zone1 | zone2 + | zone3 | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod can only + be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can + still be imbalanced, but scheduler won''t make + it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + type: object + type: object + script: + description: Script specifies the script to be run to verify + backup. properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + args: + description: Args specifies the arguments to be provided + with the script. + items: + type: string + type: array + location: + description: Location specifies the absolute path of the + script file's location. type: string - required: - - name type: object + sessionHistoryLimit: + default: 1 + description: SessionHistoryLimit specifies how many BackupVerificationSessions + and associate resources KubeStash should keep for debugging + purpose. The default value is 1. + format: int32 + type: integer + type: + description: 'Type indicate the types of verifier that will + verify the backup. Valid values are: - "RestoreOnly": KubeStash + will create a RestoreSession with the tasks provided in BackupConfiguration''s + verificationStrategies section. - "File": KubeStash will restore + the data and then create a job to check if the files exist + or not. This type is recommended for workload backup verification. + - "Query": KubeStash operator will restore data and then create + a job to run the queries. This type is recommended for database + backup verification. - "Script": KubeStash operator will restore + data and then create a job to run the script. This type is + recommended for database backup verification.' + enum: + - RestoreOnly + - File + - Query + - Script + type: string verifySchedule: description: VerifySchedule specifies the schedule of backup verification in Cron format, see https://en.wikipedia.org/wiki/Cron. diff --git a/crds/core.kubestash.com_backupsessions.yaml b/crds/core.kubestash.com_backupsessions.yaml index 51f413b2..9be053e3 100644 --- a/crds/core.kubestash.com_backupsessions.yaml +++ b/crds/core.kubestash.com_backupsessions.yaml 
@@ -300,26 +300,6 @@ spec: created for this backupSession. format: int32 type: integer - verifications: - description: Verifications specifies the backup verification status - items: - description: VerificationStatus specifies the status of a backup - verification - properties: - name: - description: Name indicates the name of the respective verification - strategy - type: string - phase: - description: Phase represents the state of the verification - process - enum: - - Verified - - NotVerified - - VerificationFailed - type: string - type: object - type: array type: object type: object served: true diff --git a/crds/core.kubestash.com_backupverifications.yaml b/crds/core.kubestash.com_backupverifications.yaml index 3b7fe4b1..809fe9f3 100644 --- a/crds/core.kubestash.com_backupverifications.yaml +++ b/crds/core.kubestash.com_backupverifications.yaml @@ -118,23 +118,6 @@ spec: file's location. type: string type: object - target: - description: Target indicates the target application where the data - will be restored for backup verification. - properties: - apiGroup: - type: string - kind: - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - required: - - name - type: object type: description: 'Type indicate the types of verifier that will verify the backup. Valid values are: - "RestoreOnly": KubeStash will create @@ -209,11 +192,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -228,11 +213,8 @@ spec: type: object type: object volumeMounts: - description: VolumeMounts specifies the mount path of the volumes - specified in the VolumeTemplate section. These volumes will be mounted - directly on the Job created by KubeStash operator. If the volume - type is VolumeClaimTemplate, then KubeStash operator is responsible - for creating the volume. + description: VolumeMounts specifies the volumes mounts for the executor + container items: description: VolumeMount describes a mounting of a Volume within a container. @@ -245,7 +227,9 @@ spec: description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta - in 1.10. + in 1.10. When RecursiveReadOnly is set to IfPossible or to + Enabled, MountPropagation must be None or unspecified (which + defaults to None). type: string name: description: This must match the Name of a Volume. 
@@ -254,6 +238,22 @@ spec: description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. type: boolean + recursiveReadOnly: + description: "RecursiveReadOnly specifies whether read-only + mounts should be handled recursively. \n If ReadOnly is false, + this field has no meaning and must be unspecified. \n If ReadOnly + is true, and this field is set to Disabled, the mount is not + made recursively read-only. If this field is set to IfPossible, + the mount is made recursively read-only, if it is supported + by the container runtime. If this field is set to Enabled, + the mount is made recursively read-only if it is supported + by the container runtime, otherwise the pod will not be started + and an error will be generated to indicate the reason. \n + If this field is set to IfPossible or Enabled, MountPropagation + must be set to None (or be unspecified, which defaults to + None). \n If this field is not specified, it is treated as + an equivalent of Disabled." + type: string subPath: description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). 
@@ -271,1795 +271,463 @@ spec: type: object type: array volumeTemplate: - description: VolumeTemplate specifies a list of volume templates that - is used by the respective backup verification Job to execute its - logic. + description: Volumes specifies the volumes that will be mounted in + the backup verification executor Job to execute its logic. items: - description: VolumeTemplate specifies the name, usage, and the source - of volume that will be used by the backup verification job to - execute its logic. + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. properties: - name: - description: Name specifies the name of the volume - type: string - source: - description: Source specifies the source of this volume. + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent disk + resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + description: fsType is Filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime properties: - awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS Disk - resource that is attached to a kubelet''s host machine - and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + monitors: + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: - fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'partition is the partition in the volume - that you want to mount. If omitted, the default is - to mount by volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, the volume - partition for /dev/sda is "0" (or you can leave the - property empty).' - format: int32 - type: integer - readOnly: - description: 'readOnly value true will force the readOnly - setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'volumeID is unique ID of the persistent - disk resource in AWS (Amazon EBS volume). More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty + value here are almost certainly wrong. TODO: Add other + useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string - required: - - volumeID type: object - azureDisk: - description: azureDisk represents an Azure Data Disk mount - on the host and bind mount to the pod. + x-kubernetes-map-type: atomic + user: + description: 'user is optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached and + mounted on kubelets host machine. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' properties: - cachingMode: - description: 'cachingMode is the Host Caching mode: - None, Read Only, Read Write.' - type: string - diskName: - description: diskName is the Name of the data disk in - the blob storage - type: string - diskURI: - description: diskURI is the URI of data disk in the - blob storage - type: string - fsType: - description: fsType is Filesystem type to mount. Must - be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single - blob disk per storage account Managed: azure managed - data disk (only in managed availability set). defaults - to shared' + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty + value here are almost certainly wrong. TODO: Add other + useful fields. apiVersion, kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string - readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI type: object - azureFile: - description: azureFile represents an Azure File Service - mount on the host and bind mount to the pod. - properties: - readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: secretName is the name of secret that - contains Azure Storage Account Name and Key - type: string - shareName: - description: shareName is the azure share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph FS mount on the host - that shares a pod's lifetime - properties: - monitors: - description: 'monitors is Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. 
This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. type: string - type: array - path: - description: 'path is Optional: Used as the mounted - root, rather than the full Ceph tree, default is /' - type: string - readOnly: - description: 'readOnly is Optional: Defaults to false - (read/write). ReadOnly here will force the ReadOnly - setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'secretFile is Optional: SecretFile is - the path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'secretRef is Optional: SecretRef is reference - to the authentication secret for User, default is - empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' 
- type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is optional: User is the rados user - name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'cinder represents a cinder volume attached - and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'secretRef is optional: points to a secret - object containing parameters used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: 'volumeID used to identify the volume in - cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap that should - populate this volume + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. 
+ This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. 
This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. properties: - defaultMode: - description: 'defaultMode is optional: mode bits used - to set permissions on created files by default. Must - be an octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal values for mode - bits. Defaults to 0644. Directories within the path - are not affected by this setting. This might be in - conflict with other options that affect the file mode, - like fsGroup, and the result can be other mode bits - set.' - format: int32 - type: integer - items: - description: items if unspecified, each key-value pair - in the Data field of the referenced ConfigMap will - be projected into the volume as a file whose name - is the key and content is the value. If specified, - the listed keys will be projected into the specified - paths, and unlisted keys will not be present. If a - key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked optional. - Paths must be relative and may not contain the '..' - path or start with '..'. - items: - description: Maps a string key to a path within a - volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used - to set permissions on this file. Must be an - octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal values - for mode bits. If not specified, the volume - defaultMode will be used. This might be in conflict - with other options that affect the file mode, - like fsGroup, and the result can be other mode - bits set.' - format: int32 - type: integer - path: - description: path is the relative path of the - file to map the key to. 
May not be an absolute - path. May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty + value here are almost certainly wrong. TODO: Add other + useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string - optional: - description: optional specify whether the ConfigMap - or its keys must be defined - type: boolean type: object x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) represents - ephemeral storage that is handled by certain external - CSI drivers (Beta feature). - properties: - driver: - description: driver is the name of the CSI driver that - handles this volume. Consult with your admin for the - correct name as registered in the cluster. - type: string - fsType: - description: fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the - associated CSI driver which will determine the default - filesystem to apply. - type: string - nodePublishSecretRef: - description: nodePublishSecretRef is a reference to - the secret object containing sensitive information - to pass to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. 
If the - secret object contains more than one secret, all secret - references are passed. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: volumeAttributes stores driver-specific - properties that are passed to the CSI driver. Consult - your driver's documentation for supported values. - type: object - required: - - driver + readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. type: object - downwardAPI: - description: downwardAPI represents downward API about the - pod that should populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a Optional: mode bits used - to set permissions on created files by default. Must - be an octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal values for mode - bits. Defaults to 0644. Directories within the path - are not affected by this setting. This might be in - conflict with other options that affect the file mode, - like fsGroup, and the result can be other mode bits - set.' 
- format: int32 - type: integer - items: - description: Items is a list of downward API volume - file - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a Optional: mode bits used to set + permissions on created files by default. Must be an octal + value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name, namespace and uid + are supported.' properties: - fieldRef: - description: 'Required: Selects a field of the - pod: only annotations, labels, name and namespace - are supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set - permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. 
YAML accepts both octal and decimal - values, JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict with - other options that affect the file mode, like - fsGroup, and the result can be other mode bits - set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. Must not - be absolute or contain the ''..'' path. Must - be utf-8 encoded. The first item of the relative - path must not start with ''..''' + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic required: - - path - type: object - type: array - type: object - emptyDir: - description: 'emptyDir represents a temporary directory - that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'medium represents what type of storage - medium should back this directory. The default is - "" which means to use the node''s default medium. 
- Must be an empty string (default) or Memory. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: 'sizeLimit is the total amount of local - storage required for this EmptyDir volume. The size - limit is also applicable for memory medium. The maximum - usage on memory medium EmptyDir would be the minimum - value between the SizeLimit specified here and the - sum of memory limits of all containers in a pod. The - default is nil which means that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: "ephemeral represents a volume that is handled - by a cluster storage driver. The volume's lifecycle is - tied to the pod that defines it - it will be created before - the pod starts, and deleted when the pod is removed. \n - Use this if: a) the volume is only needed while the pod - runs, b) features of normal volumes like restoring from - snapshot or capacity tracking are needed, c) the storage - driver is specified through a storage class, and d) the - storage driver supports dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource for - more information on the connection between this volume - type and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that persist - for longer than the lifecycle of an individual pod. \n - Use CSI for light-weight local ephemeral volumes if the - CSI driver is meant to be used that way - see the documentation - of the driver for more information. \n A pod can use both - types of ephemeral volumes and persistent volumes at the - same time." 
- properties: - volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC - to provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the - PVC will be deleted together with the pod. The name - of the PVC will be `-` where - `` is the name from the `PodSpec.Volumes` - array entry. Pod validation will reject the pod if - the concatenated name is not valid for a PVC (for - example, too long). \n An existing PVC with that name - that is not owned by the pod will *not* be used for - the pod to avoid using an unrelated volume by mistake. - Starting the pod is then blocked until the unrelated - PVC is removed. If such a pre-created PVC is meant - to be used by the pod, the PVC has to updated with - an owner reference to the pod once the pod exists. - Normally this should not be necessary, but it may - be useful when manually reconstructing a broken cluster. - \n This field is read-only and no changes will be - made by Kubernetes to the PVC after it has been created. - \n Required, must not be nil." - properties: - metadata: - description: May contain labels and annotations - that will be copied into the PVC when creating - it. No other fields are allowed and will be rejected - during validation. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured - key value map stored with a resource that - may be set by external tools to store and - retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - generateName: - description: "GenerateName is an optional prefix, - used by the server, to generate a unique name - ONLY IF the Name field has not been provided. - If this field is used, the name returned to - the client will be different than the name - passed. This value will also be combined with - a unique suffix. 
The provided value has the - same validation rules as the Name field, and - may be truncated by the length of the suffix - required to make the value unique on the server. - \n If this field is specified and the generated - name exists, the server will NOT return a - 409 - instead, it will either return 201 Created - or 500 with Reason ServerTimeout indicating - a unique name could not be found in the time - allotted, and the client should retry (optionally - after the time indicated in the Retry-After - header). \n Applied only if Name is not specified. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" - type: string - labels: - additionalProperties: - type: string - description: 'Map of string keys and values - that can be used to organize and categorize - (scope and select) objects. May match selectors - of replication controllers and services. More - info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. - Is required when creating resources, although - some resources may allow a client to request - the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence - and configuration definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: "Namespace defines the space within - each name must be unique. An empty namespace - is equivalent to the \"default\" namespace, - but \"default\" is the canonical representation. - Not all objects are required to be scoped - to a namespace - the value of this field for - those objects will be empty. \n Must be a - DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" - type: string - ownerReferences: - description: List of objects depended by this - object. 
If ALL objects in the list have been - deleted, this object will be garbage collected. - If this object is managed by a controller, - then an entry in this list will point to this - controller, with the controller field set - to true. There cannot be more than one managing - controller. - items: - description: OwnerReference contains enough - information to let you identify an owning - object. An owning object must be in the - same namespace as the dependent, or be cluster-scoped, - so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner - has the "foregroundDeletion" finalizer, - then the owner cannot be deleted from - the key-value store until this reference - is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts - with this field and enforces the foreground - deletion. Defaults to false. To set - this field, a user needs "delete" permission - of the owner, otherwise 422 (Unprocessable - Entity) will be returned. - type: boolean - controller: - description: If true, this reference points - to the managing controller. - type: boolean - kind: - description: 'Kind of the referent. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' - type: string - uid: - description: 'UID of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - x-kubernetes-map-type: atomic - type: array - type: object - spec: - description: The specification for the PersistentVolumeClaim. 
- The entire content is copied unchanged into the - PVC that gets created from this template. The - same fields as in a PersistentVolumeClaim are - also valid here. - properties: - accessModes: - description: 'accessModes contains the desired - access modes the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be used to - specify either: * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller - can support the specified data source, it - will create a new volume based on the contents - of the specified data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource contents - will be copied to dataSourceRef, and dataSourceRef - contents will be copied to dataSource when - dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef - will not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup is the group for the - resource being referenced. If APIGroup - is not specified, the specified Kind must - be in the core API group. For any other - third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies the object - from which to populate the volume with data, - if a non-empty volume is desired. This may - be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. 
- When this field is specified, volume binding - will only succeed if the type of the specified - object matches some installed volume populator - or dynamic provisioner. This field will replace - the functionality of the dataSource field - and as such if both fields are non-empty, - they must have the same value. For backwards - compatibility, when namespace isn''t specified - in dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to the same - value automatically if one of them is empty - and the other is non-empty. When namespace - is specified in dataSourceRef, dataSource - isn''t set to the same value and must be empty. - There are three important differences between - dataSource and dataSourceRef: * While dataSource - only allows two specific types of objects, - dataSourceRef allows any non-core object, - as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves all - values, and generates an error if a disallowed - value is specified. * While dataSource only - allows local objects, dataSourceRef allows - objects in any namespaces. (Beta) Using this - field requires the AnyVolumeDataSource feature - gate to be enabled. (Alpha) Using the namespace - field of dataSourceRef requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' - properties: - apiGroup: - description: APIGroup is the group for the - resource being referenced. If APIGroup - is not specified, the specified Kind must - be in the core API group. For any other - third-party types, APIGroup is required. 
- type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - namespace: - description: Namespace is the namespace - of resource being referenced Note that - when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant - documentation for details. (Alpha) This - field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents the minimum - resources the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than - previous value but must still be higher than - capacity recorded in the status field of the - claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. 
- If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label query over - volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is the name of - the StorageClass required by the claim. 
More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeAttributesClassName: - description: 'volumeAttributesClassName may - be used to set the VolumeAttributesClass used - by this claim. If specified, the CSI driver - will create or update the volume with the - attributes defined in the corresponding VolumeAttributesClass. - This has a different purpose than storageClassName, - it can be changed after the claim is created. - An empty string value means that no VolumeAttributesClass - will be applied to the claim but it''s not - allowed to reset this field to empty string - once it is set. If unspecified and the PersistentVolumeClaim - is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller - if it exists. If the resource referred to - by volumeAttributesClass does not exist, this - PersistentVolumeClaim will be set to a Pending - state, as reflected by the modifyVolumeStatus - field, until such as a resource exists. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass - (Alpha) Using this field requires the VolumeAttributesClass - feature gate to be enabled.' - type: string - volumeMode: - description: volumeMode defines what type of - volume is required by the claim. Value of - Filesystem is implied when not included in - claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel resource that - is attached to a kubelet's host machine and then exposed - to the pod. - properties: - fsType: - description: 'fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. 
TODO: how do we prevent - errors in the filesystem from compromising the machine' - type: string - lun: - description: 'lun is Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: 'readOnly is Optional: Defaults to false - (read/write). ReadOnly here will force the ReadOnly - setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' - items: - type: string - type: array - wwids: - description: 'wwids Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs - and lun must be set, but not both simultaneously.' - items: - type: string - type: array - type: object - flexVolume: - description: flexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. - properties: - driver: - description: driver is the name of the driver to use - for this volume. - type: string - fsType: - description: fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". The default filesystem - depends on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: this field holds - extra command options if any.' - type: object - readOnly: - description: 'readOnly is Optional: defaults to false - (read/write). ReadOnly here will force the ReadOnly - setting in VolumeMounts.' - type: boolean - secretRef: - description: 'secretRef is Optional: secretRef is reference - to the secret object containing sensitive information - to pass to the plugin scripts. This may be empty if - no secret object is specified. If the secret object - contains more than one secret, all secrets are passed - to the plugin scripts.' - properties: - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running - properties: - datasetName: - description: datasetName is Name of the dataset stored - as metadata -> name on the dataset for Flocker should - be considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID of the dataset. - This is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'fsType is filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'partition is the partition in the volume - that you want to mount. If omitted, the default is - to mount by volume name. Examples: For volume /dev/sda1, - you specify the partition as "1". Similarly, the volume - partition for /dev/sda is "0" (or you can leave the - property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'pdName is unique name of the PD resource - in GCE. Used to identify the disk in GCE. 
More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - glusterfs: - description: 'glusterfs represents a Glusterfs mount on - the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'endpoints is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'path is the Glusterfs volume path. More - info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'readOnly here will force the Glusterfs - volume to be mounted with read-only permissions. Defaults - to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'hostPath represents a pre-existing file or - directory on the host machine that is directly exposed - to the container. This is generally used for system agents - or other privileged things that are allowed to see the - host machine. Most containers will NOT need this. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host - directory mounts and who can/can not mount host directories - as read/write.' - properties: - path: - description: 'path of the directory on the host. If - the path is a symlink, it will follow the link to - the real path. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'type for HostPath Volume Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'iscsi represents an ISCSI Disk resource that - is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether support - iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether support - iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iscsiInterface is the interface Name that - uses an iSCSI transport. Defaults to 'default' (tcp). - type: string - lun: - description: lun represents iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: portals is the iSCSI Target Portal List. - The portal is either an IP or ip_addr:port if the - port is other than default (typically TCP ports 860 - and 3260). 
- items: - type: string - type: array - readOnly: - description: readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret for iSCSI - target and initiator authentication - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: targetPortal is iSCSI Target Portal. The - Portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and - 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - nfs: - description: 'nfs represents an NFS mount on the host that - shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'readOnly here will force the NFS export - to be mounted with read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'server is the hostname or IP address of - the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. 
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: readOnly Will force the ReadOnly setting - in VolumeMounts. Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine - properties: - fsType: - description: fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - pdID: - description: pdID is the ID that identifies Photon Controller - persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx volume - attached and mounted on kubelets host machine - properties: - fsType: - description: fSType represents the filesystem type to - mount Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies a Portworx - volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in one resources secrets, - configmaps, and downward API - properties: - defaultMode: - description: defaultMode are the mode bits used to set - permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal and decimal - values, JSON requires decimal values for mode bits. - Directories within the path are not affected by this - setting. 
This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set. - format: int32 - type: integer - sources: - description: sources is the list of volume projections - items: - description: Projection that may be projected along - with other supported volume types - properties: - clusterTrustBundle: - description: "ClusterTrustBundle allows a pod - to access the `.spec.trustBundle` field of ClusterTrustBundle - objects in an auto-updating file. \n Alpha, - gated by the ClusterTrustBundleProjection feature - gate. \n ClusterTrustBundle objects can either - be selected by name, or by the combination of - signer name and a label selector. \n Kubelet - performs aggressive normalization of the PEM - contents written into the pod filesystem. Esoteric - PEM features such as inter-block comments and - block headers are stripped. Certificates are - deduplicated. The ordering of certificates within - the file is arbitrary, and Kubelet may change - the order over time." - properties: - labelSelector: - description: Select all ClusterTrustBundles - that match this label selector. Only has - effect if signerName is set. Mutually-exclusive - with name. If unset, interpreted as "match - nothing". If set but empty, interpreted - as "match everything". - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. 
If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - name: - description: Select a single ClusterTrustBundle - by object name. Mutually-exclusive with - signerName and labelSelector. - type: string - optional: - description: If true, don't block pod startup - if the referenced ClusterTrustBundle(s) - aren't available. If using name, then the - named ClusterTrustBundle is allowed not - to exist. If using signerName, then the - combination of signerName and labelSelector - is allowed to match zero ClusterTrustBundles. - type: boolean - path: - description: Relative path from the volume - root to write the bundle. - type: string - signerName: - description: Select all ClusterTrustBundles - that match this signer name. Mutually-exclusive - with name. The contents of all selected - ClusterTrustBundles will be unified and - deduplicated. - type: string - required: - - path - type: object - configMap: - description: configMap information about the configMap - data to project - properties: - items: - description: items if unspecified, each key-value - pair in the Data field of the referenced - ConfigMap will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. 
If - a key is specified which is not present - in the ConfigMap, the volume setup will - error unless it is marked optional. Paths - must be relative and may not contain the - '..' path or start with '..'. - items: - description: Maps a string key to a path - within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode - bits used to set permissions on this - file. Must be an octal value between - 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. If not - specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the - file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path - of the file to map the key to. May - not be an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: optional specify whether the - ConfigMap or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the - downwardAPI data to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' 
- properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used - to set permissions on this file, must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute or - contain the ''..'' path. Must be utf-8 - encoded. The first item of the relative - path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' 
- properties: - containerName: - description: 'Container name: required - for volumes, optional for env - vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - description: secret information about the secret - data to project - properties: - items: - description: items if unspecified, each key-value - pair in the Data field of the referenced - Secret will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the Secret, the volume setup will error - unless it is marked optional. Paths must - be relative and may not contain the '..' - path or start with '..'. - items: - description: Maps a string key to a path - within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode - bits used to set permissions on this - file. Must be an octal value between - 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal - and decimal values, JSON requires - decimal values for mode bits. If not - specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the - file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path - of the file to map the key to. 
May - not be an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: optional field specify whether - the Secret or its key must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information - about the serviceAccountToken data to project - properties: - audience: - description: audience is the intended audience - of the token. A recipient of a token must - identify itself with an identifier specified - in the audience of the token, and otherwise - should reject the token. The audience defaults - to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, - the kubelet volume plugin will proactively - rotate the service account token. The kubelet - will start trying to rotate the token if - the token is older than 80 percent of its - time to live or if the token is older than - 24 hours.Defaults to 1 hour and must be - at least 10 minutes. - format: int64 - type: integer - path: - description: path is the path relative to - the mount point of the file to project the - token into. 
- type: string - required: - - path - type: object + - fieldPath type: object - type: array - type: object - quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - properties: - group: - description: group to map volume access to Default is - no group - type: string - readOnly: - description: readOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults - to false. - type: boolean - registry: - description: registry represents a single or multiple - Quobyte Registry services specified as a string as - host:port pair (multiple entries are separated with - commas) which acts as the central registry for volumes - type: string - tenant: - description: tenant owning the given Quobyte volume - in the Backend Used with dynamically provisioned Quobyte - volumes, value is set by the plugin - type: string - user: - description: user to map volume access to Defaults to - serivceaccount user - type: string - volume: - description: volume is a string that references an already - created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'rbd represents a Rados Block Device mount - on the host that shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - image: - description: 'image is the rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'keyring is the path to key ring for RBDUser. 
- Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' type: string - type: array - pool: - description: 'pool is the rados pool name. Default is - rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. - Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is the rados user name. Default is - admin. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: gateway is the host address of the ScaleIO - API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. - type: string - readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: secretRef references to the secret for - ScaleIO user and other sensitive information. If this - is not provided, Login operation will fail. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: storageMode indicates whether the storage - for a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO Storage Pool - associated with the protection domain. - type: string - system: - description: system is the name of the storage system - as configured in ScaleIO. - type: string - volumeName: - description: volumeName is the name of a volume already - created in the ScaleIO system that is associated with - this volume source. 
- type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: 'secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used - to set permissions on created files by default. Must - be an octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both octal and - decimal values, JSON requires decimal values for mode - bits. Defaults to 0644. Directories within the path - are not affected by this setting. This might be in - conflict with other options that affect the file mode, - like fsGroup, and the result can be other mode bits - set.' - format: int32 - type: integer - items: - description: items If unspecified, each key-value pair - in the Data field of the referenced Secret will be - projected into the volume as a file whose name is - the key and content is the value. If specified, the - listed keys will be projected into the specified paths, - and unlisted keys will not be present. If a key is - specified which is not present in the Secret, the - volume setup will error unless it is marked optional. - Paths must be relative and may not contain the '..' - path or start with '..'. - items: - description: Maps a string key to a path within a - volume. + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' properties: - key: - description: key is the key to project. + containerName: + description: 'Container name: required for volumes, + optional for env vars' type: string - mode: - description: 'mode is Optional: mode bits used - to set permissions on this file. Must be an - octal value between 0000 and 0777 or a decimal - value between 0 and 511. 
YAML accepts both octal - and decimal values, JSON requires decimal values - for mode bits. If not specified, the volume - defaultMode will be used. This might be in conflict - with other options that affect the file mode, - like fsGroup, and the result can be other mode - bits set.' - format: int32 - type: integer - path: - description: path is the relative path of the - file to map the key to. May not be an absolute - path. May not contain the path element '..'. - May not start with the string '..'. + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' type: string required: - - key - - path + - resource type: object - type: array - optional: - description: optional field specify whether the Secret - or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in - the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: secretRef specifies the secret to use for - obtaining the StorageOS API credentials. If not specified, - default values will be attempted. - properties: - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: volumeName is the human-readable name of - the StorageOS volume. Volume names are only unique - within a namespace. - type: string - volumeNamespace: - description: volumeNamespace specifies the scope of - the volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows - the Kubernetes name scoping to be mirrored within - StorageOS for tighter integration. Set VolumeName - to any name to override the default behaviour. Set - to "default" if you are not using namespaces within - StorageOS. Namespaces that do not pre-exist within - StorageOS will be created. - type: string - type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: 'emptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the + SizeLimit specified here and the sum of memory limits + of all containers in a pod. The default is nil which means + that the limit is undefined. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is tied + to the pod that defines it - it will be created before the + pod starts, and deleted when the pod is removed. \n Use this + if: a) the volume is only needed while the pod runs, b) features + of normal volumes like restoring from snapshot or capacity + tracking are needed, c) the storage driver is specified through + a storage class, and d) the storage driver supports dynamic + volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this volume + type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n Use + CSI for light-weight local ephemeral volumes if the CSI driver + is meant to be used that way - see the documentation of the + driver for more information. \n A pod can use both types of + ephemeral volumes and persistent volumes at the same time." + properties: volumeClaimTemplate: - description: VolumeClaimTemplate specifies a template for - volume to use by the backup/restore executor + description: "Will be used to create a stand-alone PVC to + provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC + will be deleted together with the pod. The name of the + PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. + Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too long). 
\n + An existing PVC with that name that is not owned by the + pod will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC + is meant to be used by the pod, the PVC has to updated + with an owner reference to the pod once the pod exists. + Normally this should not be necessary, but it may be useful + when manually reconstructing a broken cluster. \n This + field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. \n Required, must + not be nil." properties: metadata: description: May contain labels and annotations that @@ -2190,6 +858,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) @@ -2356,11 +1025,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2396,7 +1067,7 @@ spec: does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource - exists. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.' type: string 
@@ -2413,35 +1084,1010 @@ spec: required: - spec type: object - vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: 'wwids Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends + on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' 
+ type: object + readOnly: + description: 'readOnly is Optional: defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the plugin + scripts.' + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty + value here are almost certainly wrong. TODO: Add other + useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: datasetName is Name of the dataset stored as + metadata -> name on the dataset for Flocker should be + considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume that + you want to mount. 
Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource in + GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. 
More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to + the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the interface Name that uses + an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target Portal List. The + portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication properties: - fsType: - description: fsType is filesystem type to mount. Must - be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty + value here are almost certainly wrong. TODO: Add other + useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
type: string - storagePolicyID: - description: storagePolicyID is the storage Policy Based - Management (SPBM) profile ID associated with the StoragePolicyName. + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: targetPortal is iSCSI Target Portal. The Portal + is either an IP or ip_addr:port if the port is other than + default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export to + be mounted with read-only permissions. Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents a + reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. 
More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly setting in + VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path are + not affected by this setting. 
This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + clusterTrustBundle: + description: "ClusterTrustBundle allows a pod to access + the `.spec.trustBundle` field of ClusterTrustBundle + objects in an auto-updating file. \n Alpha, gated + by the ClusterTrustBundleProjection feature gate. + \n ClusterTrustBundle objects can either be selected + by name, or by the combination of signer name and + a label selector. \n Kubelet performs aggressive + normalization of the PEM contents written into the + pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates + are deduplicated. The ordering of certificates within + the file is arbitrary, and Kubelet may change the + order over time." + properties: + labelSelector: + description: Select all ClusterTrustBundles that + match this label selector. Only has effect + if signerName is set. Mutually-exclusive with + name. If unset, interpreted as "match nothing". If + set but empty, interpreted as "match everything". + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Select a single ClusterTrustBundle + by object name. Mutually-exclusive with signerName + and labelSelector. + type: string + optional: + description: If true, don't block pod startup + if the referenced ClusterTrustBundle(s) aren't + available. If using name, then the named ClusterTrustBundle + is allowed not to exist. If using signerName, + then the combination of signerName and labelSelector + is allowed to match zero ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root + to write the bundle. + type: string + signerName: + description: Select all ClusterTrustBundles that + match this signer name. Mutually-exclusive with + name. The contents of all selected ClusterTrustBundles + will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. 
+ If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the ConfigMap, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: 'Name of the referent. This field + is effectively required, but due to backwards + compatibility is allowed to be empty. Instances + of this type with an empty value here are almost + certainly wrong. TODO: Add other useful fields. + apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to + set permissions on this file, must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the Secret, the volume setup + will error unless it is marked optional. Paths + must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' 
+ format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: 'Name of the referent. This field + is effectively required, but due to backwards + compatibility is allowed to be empty. Instances + of this type with an empty value here are almost + certainly wrong. TODO: Add other useful fields. + apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: audience is the intended audience + of the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, the + kubelet volume plugin will proactively rotate + the service account token. The kubelet will + start trying to rotate the token if the token + is older than 80 percent of its time to live + or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. 
+ format: int64 + type: integer + path: + description: path is the path relative to the + mount point of the file to project the token + into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: group to map volume access to Default is no + group + type: string + readOnly: + description: readOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. + type: boolean + registry: + description: registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: user to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'image is the rados image name. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + description: 'pool is the rados pool name. Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is + nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty + value here are almost certainly wrong. TODO: Add other + useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string - storagePolicyName: - description: storagePolicyName is the storage Policy - Based Management (SPBM) profile name. + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is the rados user name. Default is admin. 
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty + value here are almost certainly wrong. TODO: Add other + useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string - volumePath: - description: volumePath is the path that identifies - vSphere volume vmdk + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: storageMode indicates whether the storage for + a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. 
+ type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the Secret, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. 
Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the secret in the + pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty + value here are almost certainly wrong. TODO: Add other + useful fields. apiVersion, kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' type: string - required: - - volumePath type: object + x-kubernetes-map-type: atomic + volumeName: + description: volumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within + a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name to + override the default behaviour. Set to "default" if you + are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fsType is filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath type: object - usage: - description: Usage specifies the usage of the volume. - type: string required: - name type: object 
diff --git a/crds/core.kubestash.com_backupverificationsession.yaml b/crds/core.kubestash.com_backupverificationsession.yaml index 8d21b995..4ca7b267 100644 --- a/crds/core.kubestash.com_backupverificationsession.yaml +++ b/crds/core.kubestash.com_backupverificationsession.yaml @@ -19,9 +19,6 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - jsonPath: .spec.backupVerifier.name - name: Verifier - type: string - jsonPath: .status.phase name: Phase type: string @@ -53,17 +50,30 @@ spec: description: BackupVerificationSessionSpec specifies the information related to the respective backup verifier, session, repository and snapshot. properties: - backupVerifier: - description: BackupVerifier points to the respective BackupVerification - which is used for verification. + invoker: + description: Invoker points to the respective BackupConfiguration + or BackupBatch which is responsible for triggering this backup verification. properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: Name is the name of resource being referenced type: string + required: + - kind + - name type: object x-kubernetes-map-type: atomic repository: + description: Repository specifies the name of the repository whose + backed-up data will be verified type: string retryLeft: description: RetryLeft specifies number of retry attempts left for 
@@ -76,8 +86,8 @@ spec: this backup verification type: string snapshot: - description: Snapshot specifies the name of the snapshot that has - been verified in this backup verification + description: Snapshot specifies the name of the snapshot that will + be verified type: string type: object status: @@ -144,10 +154,10 @@ spec: description: Phase represents the current state of the backup verification process. enum: - - Pending - Running - Succeeded - Failed + - Skipped type: string retried: description: Retried specifies whether this session was retried or diff --git a/crds/storage.kubestash.com_snapshots.yaml b/crds/storage.kubestash.com_snapshots.yaml index f163f4f1..e908976c 100644 --- a/crds/storage.kubestash.com_snapshots.yaml +++ b/crds/storage.kubestash.com_snapshots.yaml @@ -342,6 +342,10 @@ spec: for this Snapshot format: int32 type: integer + verificationSession: + description: VerificationSession specifies which BackupVerificationSession + verified this Snapshot + type: string verificationStatus: description: VerificationStatus specifies whether this Snapshot has been verified or not